Disabling Authentication Challenge Per Protocol - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI
Configuring Authentication for Network Access
To enable secure authentication of web clients, perform the following steps:
Step 1
Enable HTTP authentication. For more information about enabling authentication, see the "Enabling Network Access Authentication" section on page 17-3.
Step 2
To enable secure authentication of web clients, enter this command:
aaa authentication secure-http-client
Note Use of the aaa authentication secure-http-client command is not dependent upon enabling HTTP authentication. If you prefer, you can enter this command before you enable HTTP authentication so that if you later enable HTTP authentication, usernames and passwords are already protected by secured web-client authentication.

Disabling Authentication Challenge per Protocol

You can configure whether the FWSM challenges users for a username and password. By default, the FWSM prompts the user when a AAA rule enforces authentication for traffic in a new session and the protocol of the traffic is FTP, Telnet, HTTP, or HTTPS. In some cases, you may want to disable the authentication challenge for one or more of these protocols, using the following command, where protocol is ftp, telnet, http, or https:
hostname(config)# aaa authentication protocol challenge disable
For example, to disable the username and password challenge for new connections using FTP, enter the following command:
hostname(config)# aaa authentication ftp challenge disable
If you disable challenge authentication for a particular protocol, traffic using that protocol is allowed only if the traffic belongs to a session that was previously authenticated. That authentication can be performed by traffic using a protocol whose authentication challenge remains enabled. For example, if you disable challenge authentication for FTP, the FWSM denies new sessions using FTP if the traffic is covered by an authentication rule. If the user first establishes a session with a protocol whose authentication challenge is enabled (such as HTTP), FTP traffic is then allowed.
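The following is an added worked configuration, not an excerpt from this guide, showing the full sequence that produces the behavior described above: an authentication rule that covers both FTP and HTTP, secured web-client authentication, and the FTP challenge disabled so that FTP only passes for a user who has already authenticated over HTTP. The server-group name AUTH_SRV, the access-list name AUTH_TRAFFIC, the interface name, the addresses and the key are constructed placeholders; the aaa-server, access-list and aaa authentication match command syntax is assumed to be the FWSM syntax documented elsewhere in this chapter, since only the challenge and secure-http-client commands appear on this page.

```cisco
! Added example, not from the guide. Server group name, interface, host address
! and key are constructed placeholders; aaa-server syntax is assumed.
aaa-server AUTH_SRV protocol tacacs+
aaa-server AUTH_SRV (inside) host 10.1.1.10
 key EXAMPLE_KEY_PLACEHOLDER

! Traffic that must be authenticated before it is allowed through. FTP and HTTP
! from the constructed inside network 10.1.2.0/24 are both covered by this list.
access-list AUTH_TRAFFIC extended permit tcp 10.1.2.0 255.255.255.0 any eq ftp
access-list AUTH_TRAFFIC extended permit tcp 10.1.2.0 255.255.255.0 any eq http

! Enforce authentication for matching traffic on the inside interface
! (aaa authentication match syntax assumed).
aaa authentication match AUTH_TRAFFIC inside AUTH_SRV

! Protect the HTTP username and password exchange (command from this page).
aaa authentication secure-http-client

! Stop prompting FTP users (command from this page). Resulting behavior:
!  - a user who has not yet authenticated has new FTP sessions denied;
!  - once the user authenticates over HTTP (challenge still enabled), FTP
!    sessions from that user are allowed without a separate FTP prompt.
aaa authentication ftp challenge disable
```

The design point is that disabling the challenge is not the same as exempting the protocol: FTP is still subject to the AUTH_TRAFFIC rule, it simply has no way to satisfy it on its own, so HTTP (with secure-http-client so the credentials are not sent in the clear) becomes the only path by which the user can authenticate. If you disable the challenge for every protocol covered by a rule, users have no way to authenticate at all and all matching new sessions are denied.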
static (inside,outside) tcp 10.132.16.200 443 10.130.16.10 443
HTTP users see a pop-up window generated by the browser itself if aaa authentication secure-http-client is not configured. If aaa authentication secure-http-client is configured, a form loads in the browser to collect the username and password. In either case, if a user enters an incorrect password, the user is prompted again. When the web server and the authentication server are on different hosts, use the virtual http command to get the correct authentication behavior.
Chapter 17, Applying AAA for Network Access, page 17-8, document OL-20748-01
