Can't say whether it's a good idea or not to run this feature on the Cisco router in Le�nidas' particular environment, but there *is* a feature of the Cisco IOS that supports HTTP Authentication, called "Authentication Proxy":
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note 09186a0080094eb0.shtml ... which uses server-based authentication (TACACS+ or RADIUS) to authenticate users via an HTTP session and assign user-based ACLs. I can't see why it wouldn't work with FreeRADIUS. I would recommend checking the Software Advisor to see which platforms/feature-sets support the proxy. DP > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Gene Parks > Sent: Wednesday, July 09, 2003 6:45 AM > To: [EMAIL PROTECTED] > Subject: RE: Cisco IOS/Firewall HTTP Authentication through Freeradius > > > The firewall function that comes in the IOS for Cisco does > not have the granularity that you are looking for. Plus you > are asking a router to do the work of both the router and the > firewall at the same time. Cisco is good but the router will > choke if you have a lot of connections. I would think of a > redesign of the network and put the authentication function > on the web server. I would also use the firewall software to > limit the access to ports on those servers and not do the > authentication function. The router will thank you later. > > Just my two cents. > > Gene Parks > VIP Direct > > -----Original Message----- > From: leonidasterra [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 09, 2003 12:57 AM > To: freeradius-users > Subject: Cisco IOS/Firewall HTTP Authentication through Freeradius > > > Hi everyone! I�m new to RADIUS hands on and also to this group. > > I�m planning a LAN with 16 web servers inside. The users in > the Web will reach a Cisco router with IOS/Firewall, placed > in the edge of this LAN. So, this IOS/Firewall will prompt > (in the user�s browser) a http screen as access request > (login/password). > > User then sends information to IOS/Firewall that > authenticates and authorizes it in Freeradius. Now, a > specific user is authenticated and only access its assigned > servers, as configured in Freeradius. > > Has someone faced a similar environment with Freeradius and > Cisco Firewall? > > Were there any errors or incompatibilities? > > For last, is it necessary a database software (MySQL, DB2, > Oracle, Databliz, ...)to work with Freeradius? > > Thanks in advance, Le�nidas! > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
