Table of Contents
Advertisement
Access Service Security
The access service security paradigm presented in this guide uses the authentication, authorization,
and accounting (AAA) facility:
•
Authentication—Requires dial-in users to identify themselves and prove their identity. Requiring
authentication before users can access the network prevents users from either accessing lines on
the access server or connecting through the lines directly to network resources. You need to
secure every access point.
•
Authorization—Prevents each user from gaining access to services and devices on the network
that they do not need to or should not access.
•
Accounting—Provides records for billing and other recording purposes of who is connected and
how long they have been connected. This chapter does not describe how to configure accounting.
This chapter describes how to configure security using a local database resident on the access server
or using a remote security database for Terminal Access Controller Access Control System
(TACACS+) and Remote Authentication Dial-In User Service (RADIUS). To understand the
concept of local versus remote authentication, refer to the section "Local Versus Remote Server
Authentication" later in this chapter.
This chapter includes the following sections:
•
Assumptions
•
Local Versus Remote Server Authentication
•
Configuring Authentication
•
Configuring Authorization
•
Security Examples
This chapter does not provide a comprehensive security overview. For example, it does not describe
Caution
how to configure TACACS, Extended TACACS, Kerberos, or access lists. It presents the most commonly
used security mechanisms to prevent unauthenticated and unauthorized access to network resources through
Cisco access servers. For a comprehensive overview of Cisco security tools, refer to the Security
Configuration Guide, available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
C H A P T E R
4
Access Service Security 4-1
Advertisement
Table of Contents
