• “Lock and key” ACLs
– Used to open a hole in the ACL based on authentication
• Potential Applications
– From inside to outside
• User must first authenticate to send traffic to the Internet
– From outside to inside
• User must first authenticate to access internal web server
• Replaced by Authentication Proxy
– Per-user ACLs downloaded from AAA server
Dynamic ACL Configuration
• ACL entry is defined as dynamic
– access-list 100 dynamic TEST permit ip any any
• Entry is activated by access-enable command
– Can be per user or per line
• username… autocommand access-enable [host]
• line vty 0 4
– autocommand access-enable [host].
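
The commands above, put together as one lock-and-key configuration. This is an added example, not part of the original page; the username, the password placeholder, the 192.0.2.0/24 addresses, the interface name and the timeout values are assumptions chosen for illustration.

```cisco
! Constructed example: names, addresses, interface and timeouts are assumptions.
username labuser password <PLACEHOLDER-PASSWORD>
! Per-user activation. "host" limits the opening to the source IP that authenticated.
! "timeout 5" here is the idle timeout in minutes.
username labuser autocommand access-enable host timeout 5
!
! Static entry: lets users reach the router's vty to authenticate (192.0.2.1 = router).
access-list 100 permit tcp any host 192.0.2.1 eq telnet
! Dynamic template entry: inactive until access-enable runs.
! "timeout 15" here is the absolute lifetime of the opened entry in minutes.
access-list 100 dynamic TEST timeout 15 permit ip any any
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 100 in
!
! Per-line alternative to the per-user autocommand above (use one or the other).
! Without "host", the template's "any" source is opened for every source address,
! not just the user who authenticated.
line vty 0 4
 login local
 autocommand access-enable host timeout 5
```

After a user authenticates, `show access-lists 100` lists the temporary entry created from the TEST template, which is the place to confirm that the opening is scoped to a single host.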