Appendix A Token Card And Cisco Secure Authentication Support - Cisco 700 Series Configuration Manual

Token Card and Cisco Secure
Authentication Support
This appendix provides Token Card and Cisco Secure Authentication support concepts as
they apply to the Cisco 700 series router. Cisco Secure Authentication Agent supports
single-user mode, which extends B channel authentication to a Cisco Secure
Authentication Agent client.
Token cards are considered the most secure authentication solution available. There are two
kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure
Authentication Agent only supports synchronous token card, which does not need a
challenge from a token server to generate a token.
Figure A-1 shows the connection between the client and the token server.
Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server
Connection
LAN
Cisco Secure AA Cisco 700
client
The following steps illustrate how a link is established using a profile:
Demand traffic or a call command makes a connection.
Step 1
The router sends a User Datagram Protocol (UDP) packet to a Token
Step 2
Authorization agent (also known as Cisco Secure Authentication Agent),
requesting a username and password for PAP and CHAP. If Token Authorization
Support (TAS) is set to central, the router always sends the authentication
information request to the designated client.
ISDN LAN
NAS Authentication
Authorization
Accounting
Token Card and Cisco Secure Authentication Support A-1
A P P E N D I X
LAN
Token
server
A