From: Jens Petter (jenseike@start.no)
Date: Tue Aug 15 2006 - 12:30:56 ART
There are many considerations when you do http authentication and http
authorization, and it all depends on the IOS you are using. There are also
some bugs you need to take into consideration...
You can use the command:
core#sh subsys name http
Name Class Version
http Protocol 1.001.001
to see what http version you have on your IOS.
In version releases (earlier than 12.2(15)T) the http version is 1.000.001
(http version 1) and uses the vty lines, and you need to do:
username http privilege 15 password cisco
aaa new-model
aaa authentication login http local
aaa authorization exec http local
ip http server
ip http authentication aaa
line vty
 login authentication http
 authorization exec http
In some IOS releases (12.2(15)T and all 12.3 releases) the version
of http is 1.001.001 (http version 1.1). In these versions http uses
sockets and you don't need to configure the vty lines.
Some bugs to consider:
Before the integration of Cisco bug ID CSCeb82510 in Cisco IOS Software
Releases 12.3(7.3) and 12.3(7.3)T, the HTTP V1.1 server had to use the same
authentication and authorization method that was configured for the console.
aaa new-model
aaa authentication login console_and_http local
aaa authorization exec console_and_http local
!
ip http authentication aaa
!
line con 0
login authentication console_and_http
authorization exec console_and_http
aaa authentication login http local
aaa authorization exec http local
ip http server
ip http authentication aaa command-authorization http
ip http authentication aaa login-authentication http
ip http authentication aaa exec-authorization http
With the integration of Cisco bug ID CSCeb82510 in Cisco IOS Software
Releases 12.3(7.3) and 12.3(7.3)T, the HTTP server can use independent
authentication and authorization methods of its own, using new keywords in
the ip http authentication aaa command. The new keywords are:
aaa authentication login http local
aaa authorization exec http local
ip http server
ip http authentication aaa command-authorization http
ip http authentication aaa login-authentication http
ip http authentication aaa exec-authorization http
Jens Petter
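
Added example, not part of any poster's message and not Cisco code: a Python check that reads configuration text and reports every method list named on an "ip http authentication aaa" line that no "aaa authentication login", "aaa authorization exec" or "aaa authorization commands" line defines. The function name and the two constants are hypothetical; the sample inputs are the AAA-relevant lines of the two configurations posted in this thread.

```python
import re

# aaa definition type -> the "ip http authentication aaa" keyword that uses it
KIND = {"authentication login": "login-authentication",
        "authorization exec": "exec-authorization",
        "authorization commands": "command-authorization"}
AAA_DEF = re.compile(r"^aaa (authentication login|authorization exec|"
                     r"authorization commands (\d+)) (\S+)", re.I)
HTTP_REF = re.compile(r"^ip http authentication aaa (login-authentication|"
                      r"exec-authorization|command-authorization)(?: (\d+))? (\S+)$", re.I)

def audit_http_aaa(config):
    """Return findings for HTTP method lists that no aaa line defines."""
    lines = [" ".join(raw.split()) for raw in config.splitlines()]
    defined = set()          # (keyword, level or None, list name as written)
    for line in lines:
        m = AAA_DEF.match(line)
        if m:
            kind = KIND[" ".join(m.group(1).lower().split()[:2])]
            defined.add((kind, m.group(2), m.group(3)))
    findings = []
    for line in lines:
        if line.lower() == "ip http authentication aaa":
            findings.append("bare 'ip http authentication aaa': review line method lists")
        m = HTTP_REF.match(line)
        if not m:
            continue
        kind, level, name = m.groups()
        # A reference that gives no level accepts a definition at any level.
        if not any(k == kind.lower() and n == name and level in (None, lv)
                   for k, lv, n in defined):
            findings.append(f"{kind.lower()} list '{name}' is not defined by any aaa line")
    return findings

# Sample inputs: AAA-relevant lines of the two configurations posted in this thread.
REPLY_CONFIG = """\
aaa authentication login http local
aaa authorization exec http local
ip http authentication aaa command-authorization http
ip http authentication aaa login-authentication http
ip http authentication aaa exec-authorization http
"""
GUESS_CONFIG = """\
aaa authentication login http local none
aaa authorization commands 15 http local
ip http authentication aaa command-authorization 15 http
"""
```

audit_http_aaa(GUESS_CONFIG) returns an empty list; audit_http_aaa(REPLY_CONFIG) returns one finding, for the command-authorization list, since that sample contains no "aaa authorization commands" line.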
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Stout
Sent: 15. august 2006 16:47
To: examplebrain@hotmail.com; ccielab@groupstudy.com
Subject: RE: How to authorize http access to router??
No guarantees on this, it is more of a guess than anything.
aaa new-model
!
aaa authentication login default local none
aaa authentication login http local none
aaa authorization config-commands
aaa authorization commands 15 http local
ip http server
ip http authentication aaa command-authorization 15 http
--------------------------------------------------------------------
From: "Stefan Grey" <examplebrain@hotmail.com>
Reply-To: "Stefan Grey" <examplebrain@hotmail.com>
To: ccielab@groupstudy.com
Subject: How to authorize http access to router??
Date: Tue, 15 Aug 2006 14:40:59 +0100
Hello,
I want to configure the authorization of http access to the
router???
How can I configure this on ACS or the router itself??
Or there is no way to configure?? And the user just should have the
privilege of 15??
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART