Understanding AAA


Cisco divides AAA configuration into two categories. These categories are defined by what a user is attempting to access.

Administrative Access

As the name implies, administrative access deals with a network administrator who is attempting to access networking devices. When the administrator starts an application to access a router, does the administrator's session flow through the router being accessed or terminate at the router being accessed?

Obviously, if the admin wants to access a router, the administrator's session will terminate at the router so that the admin can access the router. Cisco has specific AAA commands that deal with sessions that terminate at the networking equipment.


Administrative access sessions terminate at the networking equipment.


Character Mode

In most cases, the types of applications you will be using to configure a router or a switch are character based, such as Secure Shell (SSH) or Telnet. When you Telnet or SSH to a router, where does that traffic terminate? It terminates on one of the router's VTY lines.

When you create an administrative access session, which you do via character mode, your traffic terminates on a port that is designed for character mode traffic.


Character mode ports are the console port, aux port, and VTY lines.


Network Access

With network access, a session does not terminate at a networking device. The user's session flows through the networking device. Network access mode is used by a user who is attempting to access corporate resources.


Network access sessions terminate at the corporate resource being accessed; the session does not terminate at a networking device. For example, a network resource might be an email server, a Web server, or a database server.


Packet Mode

What type of applications and ports are used to create a network access session? For example, either an internal user or an external user can use a Web browser for resource access. When that user creates a session that eventually terminates at an HTTP server, the router is routing packets to their destination.


The router ports that are used to pass packet mode data can be Basic Rate Interface (BRI) and Primary Rate Interface (PRI) ports, async ports, and group-async ports.
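
The character mode and packet mode split described above shows up directly in the IOS AAA keywords: login and exec method lists apply to sessions that terminate on the router, while ppp and network method lists apply to sessions that pass through it. The following configuration is an added example, not taken from the book. The method-list names ADMIN and USERS, the choice of TACACS+ for administrators and RADIUS for users, and the Group-Async1 interface are assumptions, and the AAA server definitions are omitted.

```cisco
! Constructed example configuration (not from the book).
aaa new-model
!
! Character mode: administrative sessions that terminate on the router.
! The local fallback keeps the device manageable if the AAA server is unreachable.
aaa authentication login ADMIN group tacacs+ local
aaa authorization exec ADMIN group tacacs+ local
aaa accounting exec ADMIN start-stop group tacacs+
!
! Packet mode: user sessions that flow through the router to a resource.
aaa authentication ppp USERS group radius
aaa authorization network USERS group radius
aaa accounting network USERS start-stop group radius
!
! Character mode ports: console, aux, and VTY lines.
line con 0
 login authentication ADMIN
line aux 0
 login authentication ADMIN
line vty 0 4
 transport input ssh
 login authentication ADMIN
 authorization exec ADMIN
 accounting exec ADMIN
!
! Packet mode port: a group-async interface carrying PPP user sessions.
interface Group-Async1
 encapsulation ppp
 ppp authentication chap USERS
 ppp authorization USERS
 ppp accounting USERS
```

A method list takes effect only where it is applied, so a character mode line with no login authentication statement uses the default list rather than ADMIN.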




CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
Year: 2003
Pages: 291
Authors: Raman Sud
