Re: Securing HTTP Access

From: CCIE-Newbie <ccie_ka_at_gmx.de>
Date: Sat, 23 Jan 2010 18:50:28 +0100

Hi,

Thank you for this explanation.

But what happens if I have two local users with different privilege
levels? Is the login dependent on the defined user level?

And can you also please explain the commands

ip http authentication aaa
1. command-authorization level listname
2. exec-authorization listname
3. login-authentication listname

Sorry for my questions, but if I must use a named list I also need to
specify any of the above commands!?

Dennis

On Saturday, 23.01.2010, at 10:49 +0100, Piotr Matusiak wrote:
> Hi,
>
> When you use "aaa authentication login default local" it is applied to
> all lines including CON, AUX, VTY. So you don't need to specify the
> named method in "ip http authentication aaa" command.
> However, if you use named method like "aaa authentication login TEST
> local" you need to specify that using "ip http authentication aaa
> login-authentication TEST" command.
>
> This is because you can have more than one named method configured and
> the router must know which one to use to authenticate HTTP users. There
> is only one default method, so you do not need to specify it.
>
> BTW: you can configure the same without AAA:
> !
> username student privil 15 password cisco123
> !
> ip http server
> ip http authentication local
> !
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security)
> Technical Instructor
> website: www.MicronicsTraining.com
>
> "If you can't explain it simply, you don't understand it well enough"
> - Albert Einstein
>
>
> 2010/1/23 CCIE-Newbie <ccie_ka_at_gmx.de>
> Hi Group,
>
> I'm confused about securing http access to a router.
> Assume I need to secure Router 1 for http access.
> There are two different privilege levels for two users.
> User A should be level 5 while user B should be level 10.
>
> First of all I need to enable aaa and then set the list. My
> configuration looks as follows:
>
> aaa new-model
> aaa authentication login HTTP local
> aaa authorization exec HTTP local
> ip http server
> ip http authentication aaa login-authentication HTTP
> ip http authentication aaa exec-authorization HTTP
> no ip http secure-server
>
> aaa new-model
> aaa authentication login default local
> aaa authorization exec default local
> ip http server
> ip http authentication aaa
> no ip http secure-server
>
> If I need to specify a "list" then I also need to specify
> after "ip http authentication aaa login-authentication HTTP" and
> "ip http authentication aaa exec-authorization HTTP"!?
>
> So what is the difference between the above configurations?
> Can anyone explain please?
>
> Thanks
>
> Dennis
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Sat Jan 23 2010 - 18:50:28 ART
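
Added example, not part of the original thread: a small Python check that reads an IOS configuration and reports which AAA method list the HTTP server is bound to for login authentication and exec authorization, following the rule described in the reply above (no named binding means the default list). The function name `audit_http_aaa` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the thread's named-list configuration with the
# "exec-authorization HTTP" line left out, so one binding falls back to default.
SAMPLE = """\
aaa new-model
aaa authentication login HTTP local
aaa authorization exec HTTP local
ip http server
ip http authentication aaa login-authentication HTTP
"""

# Method-list definitions and the HTTP server's bindings to them.
DEFS = {"login": r"aaa authentication login (\S+)\s",
        "exec": r"aaa authorization exec (\S+)\s"}
BINDS = {"login": r"ip http authentication aaa login-authentication (\S+)$",
         "exec": r"ip http authentication aaa exec-authorization (\S+)$"}

def audit_http_aaa(config):
    """Return (bindings, findings) for the HTTP server's AAA method lists."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if not any(ln.startswith("ip http authentication aaa") for ln in lines):
        return {}, ["HTTP server is not using AAA authentication"]
    bindings, findings = {}, []
    for kind in ("login", "exec"):
        defined = {m.group(1) for ln in lines if (m := re.match(DEFS[kind], ln))}
        named = [m.group(1) for ln in lines if (m := re.match(BINDS[kind], ln))]
        # Per the thread: without a named binding, the default list applies.
        bound = named[-1] if named else "default"
        bindings[kind] = bound
        if bound not in defined:
            findings.append(f"{kind}: HTTP uses list '{bound}', which is not defined")
        unused = sorted(defined - {bound, "default"})
        if unused and not named:
            findings.append(f"{kind}: named list(s) {unused} defined but not bound to HTTP")
    return bindings, findings

if __name__ == "__main__":
    bindings, findings = audit_http_aaa(SAMPLE)
    print(bindings)
    for finding in findings:
        print("FINDING:", finding)
```

Running it against both configurations quoted in the thread returns no findings, since each binds HTTP to a list that is defined.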