Securing HTTP Access from CCIE-Newbie on 2010-01-23 (Ccielab archives 01/2010)

From: CCIE-Newbie <ccie_ka_at_gmx.de>
Date: Sat, 23 Jan 2010 10:27:03 +0100

Hi Group,

I'm confused about securing http access to a router.
Assume I need to secure Router 1 for http access.
There are two different privilege level for two user.
User A should be level 5 while user B should be level 10

First off all I need to enable aaa and then set the list. My
configuration looks as follow:

aaa new-model
aaa authentication login HTTP local
aaa authorization exec HTTP local
ip http server
ip http authentication aaa login-authentication HTTP
ip http authentication aaa exec-authorization HTTP
no ip http secure-server

aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip http server
ip http authentication aaa
no ip http secure-server

If I need to specify a "list" then I also need to specify after "ip http
authentication aaa login-authentication HTTP" and "ip http
authentication aaa exec-authorization HTTP" !?

So what is the difference between the above configurations ? Can anyone
explain please ?

Thanks

Dennis

Blogs and organic groups at http://www.ccie.net
Received on Sat Jan 23 2010 - 10:27:03 ART

This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:42 ART