This chapter showed you the basics of lock-and-key ACLs. Lock-and-key is what I like to call the poor man's version of authentication proxy. Lock-and-key ACLs are used to authenticate a user, opening a temporary hole in your extended ACL filter to grant the user access to other resources. Lock-and-key can use a line password, a local database, or an AAA server to authenticate users, and can authenticate users as their connections either enter or leave the network (or both). Lock-and-key typically is used in a small network that needs to authenticate a specific type of access and when the perimeter router/firewall does not have the Cisco IOS Firewall feature set with authentication proxy installed.

Next is Chapter 14, "Authentication Proxy," which shows you the replacement to lock-and-key ACLs on a router.