Cisco AS5300-96VOIP-A Software Configuration Manual page 118

Universal access server

Configuring Authentication
In the following example, the ARA authentication method list name is callback (because asynchronous callback is used on the access server):

5300# configure terminal
5300(config)# aaa authentication arap callback

In the following example, the login authentication method list name is deveng:

5300# configure terminal
5300(config)# aaa authentication login deveng

Specify the Authentication Method

After you identify a list name, you must specify an authentication method. An authentication method identifies how users are authenticated. For example, will users be authenticated by a local security database resident on the access server (local method)? Will they be authenticated by a remote security database, such as by a TACACS+ or RADIUS daemon? Will guest access to an AppleTalk network be permitted?

Authentication methods are defined with optional keywords in the aaa authentication command. See Tables 4-5 and 4-6.

Table 4-5   Authentication Methods for PPP

Method      Description
if-needed   Authenticates only if not already authenticated. No duplicate authentication.
krb5        Specifies Kerberos 5 authentication.
local       Uses the local username database in the access server. This is defined with the username global configuration command.
none        No authentication is required. Do not prompt for a username or password.
radius      Use RADIUS authentication as defined on a RADIUS security server.
tacacs+     Use TACACS+ authentication as defined on a TACACS+ security server.

Timesaver
If you are not sure whether you should use TACACS+ or RADIUS, here are some comparisons: TACACS+ encrypts the entire payload of packets passed across the network, whereas RADIUS only encrypts the password when it crosses the network. TACACS+ can query the security server multiple times, whereas a RADIUS server gives one response only and is therefore not as flexible regarding per-user authentication and authorization attempts. Moreover, RADIUS does not support authentication of ARA.

Table 4-6   Authentication Methods for ARA

Method      Description
auth-guest  Allows guests to log in only if they have already been authenticated at the EXEC.
guest       Allows guests to log in.
line        Uses the line (login) password for authentication.
local       Uses the local username database in the access server for authentication. This database is defined with the username global configuration command.
tacacs+     Use TACACS+ authentication as defined on a TACACS+ security server.

Cisco AS5300 Universal Access Server Software Configuration Guide, page 4-12
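The following Python check is an added example, not part of the Cisco manual: it reads aaa authentication lines for PPP and ARA, verifies each method keyword against Tables 4-5 and 4-6, and reports lists that have no method or that admit users without authentication. The function name audit, the sample configuration and the list names other than callback and deveng are constructed for illustration.

```python
import re

# Method keywords exactly as listed in Tables 4-5 (PPP) and 4-6 (ARA).
ALLOWED = {
    "ppp": {"if-needed", "krb5", "local", "none", "radius", "tacacs+"},
    "arap": {"auth-guest", "guest", "line", "local", "tacacs+"},
}
# Keywords whose table description means no credentials are checked.
WEAK = {"none": "no authentication is required", "guest": "allows guest logins"}

# Matches the command with or without a leading CLI prompt.
LINE_RE = re.compile(r"aaa authentication (\S+) (\S+)(.*)$")

def audit(config_text):
    """Return (line_no, list_name, message) findings for ppp/arap method lists."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m or m.group(1) not in ALLOWED:
            continue  # other services (e.g. login) are outside the two tables
        service, name, methods = m.group(1), m.group(2), m.group(3).split()
        if not methods:
            findings.append((no, name, "list named but no method specified"))
        for method in methods:
            if method not in ALLOWED[service]:
                findings.append(
                    (no, name, f"'{method}' is not listed as a {service} method"))
            elif method in WEAK:
                findings.append((no, name, f"'{method}': {WEAK[method]}"))
    return findings

# Constructed sample configuration (assumed input, not taken from the manual).
SAMPLE = """\
aaa new-model
aaa authentication ppp dialins tacacs+ local
aaa authentication ppp lab none
aaa authentication arap callback radius
aaa authentication arap visitors guest
aaa authentication arap staff
aaa authentication login deveng
"""

if __name__ == "__main__":
    for no, name, msg in audit(SAMPLE):
        print(f"line {no}: list {name}: {msg}")
```

The radius finding on the ARA list reflects the Timesaver note that RADIUS does not support authentication of ARA.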
