Information Technology Reference
In-Depth Information
RADIUS
PIX Firewalls
Encryption
These security topics go beyond the simple line and enable passwords on the routers by
providing additional methods to authenticate, authorize, and secure network resources.
AAA
AAA (triple A) provides a modular framework for configuring three security functions. The
three functions are as follows:
Authentication: Who is the user?
Authorization: What resources can be accessed?
Accounting: When was the device accessed, by whom, and what commands were used?
Authentication allows the identification of the user that is accessing the device. Authentication
can include login and password dialogs, challenge and response, and encryption.
Authorization specifies the level of access that the user can have on the system. For example, a
user might be given exec router privileges but denied access to enable mode.
Accounting tracks users and stores the information on an off-line server. It also tracks the
amount of network resources (bytes) used. Examples of parameters stored on the
accounting server are failed and successful device login attempts, commands used, and the time
and date of each event.
AAA router commands provide additional security over exec and enable level passwords. AAA
uses protocols such as RADIUS, TACACS+, and Kerberos to administer its security functions.
AAA is the means through which you establish communication between the router and the
RADIUS, TACACS+, or Kerberos security server. The Cisco Secure ACS server software can
act as a RADIUS or TACACS+ server.
AAA Configuration
AAA is enabled with the command aaa new-model. After AAA is enabled, security protocol
parameters (TACACS/RADIUS) can be configured. Authentication, authorization, and
accounting are configured with the following commands:
aaa authentication keywords
aaa authorization keywords
aaa accounting keywords
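The following check is an added example, not part of the original text: it reads a router configuration and reports which of the three AAA functions are configured. The sample configurations are constructed, and the method keywords in them (group tacacs+, group radius, local, start-stop) are standard IOS keywords that this page does not list; the fallback rule is an assumption of this example.

```python
import re

# Constructed sample: all three AAA functions configured, login falls back to local.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line vty 0 4
 login authentication default
"""

# Constructed weak sample: authentication only, server group with no fallback.
WEAK_CONFIG = """\
aaa new-model
aaa authentication login default group radius
"""

AAA_LINE = re.compile(r"^aaa (authentication|authorization|accounting)\s+(.+)$")
# Assumption of this example: these methods count as a fallback after a server group.
FALLBACK_METHODS = {"local", "local-case", "enable", "line"}

def audit_aaa(config: str) -> dict:
    """Summarise which AAA functions a configuration enables and list gaps."""
    lines = [ln.strip() for ln in config.splitlines()]
    report = {"new_model": "aaa new-model" in lines, "authentication": [],
              "authorization": [], "accounting": [], "findings": []}
    for ln in lines:
        m = AAA_LINE.match(ln)
        if m:
            report[m.group(1)].append(m.group(2))
    if not report["new_model"]:
        report["findings"].append("aaa new-model missing: AAA is not enabled")
    for function in ("authentication", "authorization", "accounting"):
        if not report[function]:
            report["findings"].append(f"no aaa {function} method list configured")
    # A login list that names only a server group fails when the server is unreachable.
    for entry in report["authentication"]:
        words = entry.split()
        if (len(words) > 1 and words[0] == "login" and "group" in words
                and not FALLBACK_METHODS & set(words)):
            report["findings"].append(f"login list '{words[1]}' has no fallback method")
    return report

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_aaa(cfg)["findings"])
```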