Building network automation solutions

9 module online course

Start now!

Authenticating HTTP requests with AAA

By default, IOS routers use enable passwords to authenticate incoming HTTP (web) requests. You could also use local usernames as the authentication mechanism, or you could deploy full-blown AAA-based solution. To enable AAA-based HTTP authentication, you have to define two AAA lists (authentication login and authorization exec) and bind them to the HTTP server with the ip http authentication aaa command. A working configuration example is included below (this one uses AAA-based local username authentication, but of course you can replace that with RADIUS- or TACACS-based one).
aaa authentication login web local
aaa authorization exec web local
!
ip http authentication aaa login-authentication web
ip http authentication aaa exec-authorization web
Warning: the router executes AAA authentication/authorization for every HTTP request sent by the browser. It's thus very hard to integrate this solution with one-time passwords (unless you can cache the credentials on the AAA server).

We migrated our blog a few days ago, and the commenting functionality is not there yet. In the meantime please find our content on LinkedIn and comment there.

Sidebar