Chapter 3: Cisco AAA Security Technology

Overview

In this chapter, you will learn how to:

  • Describe the Cisco AAA model

  • Describe and configure the AAA system and each of its three components

  • Test the NAS AAA configuration using applicable debug and show commands

Cisco IOS software provides features for simple access control, such as local username authentication, line password authentication, and enable password authentication. These methods, shown in the following configuration output, are commonly used when you first learn to work with Cisco IOS.

no service password-encryption
enable secret 5 $1$s3/7$C4ngFihNBDwqlmdj1
!
username xyzdotcom password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 login local
end

These features don’t provide the same degree of access control that’s possible by using AAA, however. In this chapter, you look at the methods used by Cisco’s AAA security technology to control remote access to the network. While AAA is supported on many devices and can be expected on each of the certification exams, this chapter introduces AAA within the context of securing the Network Access Server (NAS). This traditionally has been called “securing the dial-up connection,” using NAS routers to handle the incoming modem and ISDN sessions. As you will see in the chapters that cover PIX and PIX IOS, AAA uses the same methods to control remote access from the Internet.
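The following Python check is an added example, not part of the book: it reads a configuration like the one shown above and reports which of the simple access-control methods are in use, which passwords are stored in cleartext, and whether `aaa new-model` is present. The function name `audit_simple_auth` and the finding labels are assumptions made for illustration.

```python
import re

# Running-config shown in the chapter, embedded as sample input.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$s3/7$C4ngFihNBDwqlmdj1
!
username xyzdotcom password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 login local
end
"""

# Hypothetical helper (name and finding labels are assumptions, not Cisco tooling).
def audit_simple_auth(config):
    """Return (context, finding) tuples for non-AAA access control in an IOS config."""
    findings, line_ctx, aaa = [], None, False
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends any line sub-mode
            line_ctx = text if text.startswith("line ") else None
        if text == "aaa new-model":
            aaa = True
        elif text == "no service password-encryption":
            findings.append(("global", "password-encryption service disabled"))
        elif text.startswith("enable password "):
            findings.append(("global", "enable password used instead of enable secret"))
        elif m := re.match(r"username (\S+) password (?:0 )?(?!7 )\S", text):
            findings.append(("global", f"local user {m.group(1)}: cleartext password"))
        elif line_ctx and re.match(r"password (?:0 )?(?!7 )\S", text):
            findings.append((line_ctx, "line password stored in cleartext"))
        elif line_ctx and text == "login local":
            findings.append((line_ctx, "login checks the local username database"))
    if not aaa:
        findings.append(("global", "aaa new-model not configured"))
    return findings

if __name__ == "__main__":
    for context, finding in audit_simple_auth(SAMPLE_CONFIG):
        print(f"{context}: {finding}")
```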



