This chapter showed you the basics of AAA. AAA enables you to authenticate users, authorize what services they can access, and account for what happened. AAA must be enabled with the aaa new-model command. Cisco supports external security servers for AAA; you can use RADIUS, TACACS+, and even Kerberos to provide for a secure connection and communications between your router and the security server. When you need to manage a large number of routers, using AAA with a security server is the most scalable solution.

Next up is Part III, "Nonstateful Filtering Technologies," which shows you how to protect the router using standard and extended access control lists (ACLs).