In this chapter, you will learn how to:
Describe the Cisco AAA model
Describe and configure the AAA system and each of its three components
Test the NAS AAA configuration using applicable debug and show commands
Cisco IOS software provides features for simple access control, such as local username authentication, line password authentication, and enable password authentication. These methods, represented in the following output, are commonly used when you first learn to work with the Cisco IOS.
no service password-encryption
enable secret 5 $1$s3/7$C4ngFihNBDwqlmdj1
!
username xyzdotcom password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 login local
end
These features don’t provide the same degree of access control that’s possible by using AAA, however. In this chapter, you look at the methods used by Cisco’s AAA security technology to control remote access to the network. While AAA is supported on many devices and can be expected on each of the certification exams, this chapter introduces AAA within the context of securing the Network Access Server (NAS). This traditionally has been called “securing the dial-up connection,” using NAS routers to handle the incoming modem and ISDN sessions. As you see in the chapters that cover PIX and PIX IOS, AAA uses the same methods to control remote access from the Internet.
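The following Python audit is an added example, not taken from the book: it reads an IOS configuration like the one shown earlier and reports which simple access-control method guards each line and where a password is stored in cleartext. The function name, the finding strings and the one-command-per-line sample are assumptions of this example.

```python
import re

# Constructed sample: the chapter's configuration, one command per line.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$s3/7$C4ngFihNBDwqlmdj1
!
username xyzdotcom password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 login local
end
"""

# 'password <secret>' or 'password <type> <secret>'; a missing type means type 0.
PASSWORD_RE = re.compile(r"password (?:(\d+) )?(\S+)$")

def audit_access_control(config):
    """Return findings on the simple (non-AAA) access controls in an IOS config."""
    findings = []
    commands = [line.strip() for line in config.splitlines()]
    if "aaa new-model" not in commands:
        findings.append("global: AAA is not enabled (no 'aaa new-model')")
    if "service password-encryption" not in commands:
        findings.append("global: service password-encryption is off")
    section = "global"
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw[0].isspace():  # an unindented command starts a new section
            section = cmd if cmd.startswith("line ") else "global"
        match = PASSWORD_RE.search(cmd)
        if match and match.group(1) in (None, "0"):  # type 0 = stored as typed
            owner = f"username {cmd.split()[1]}" if cmd.startswith("username ") else section
            findings.append(f"{owner}: cleartext password stored in the configuration")
        if section != "global" and cmd == "login":
            findings.append(f"{section}: line password authentication")
        elif section != "global" and cmd == "login local":
            findings.append(f"{section}: local username authentication")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_access_control(SAMPLE_CONFIG)))
```

The findings deliberately name the owner of each cleartext password rather than echoing the password itself, so the report can be shared without leaking credentials.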