Authentication Overview


Just as many types of authentication processes take place in today's world, many types of authentication methods can be performed on a Cisco device. In everyday life, an authentication credential might be a state-issued driver's license or a boarding pass for a specific airline: when the airline attendants ask for identification before providing their services, you are prepared with the proper identification. This is the most basic process of AAA.

Authentication provides a method for identifying users and includes login and password prompting, challenge and response functions, messaging support, and quite possibly encryption, as well. This authentication action takes place prior to the user being allowed access to any of the network resources.

NOTE

Authentication can take place as an individual process or can be combined with authorization and accounting.


When you configure a Cisco device for authentication, you need to complete a few steps. Although these steps are covered in detail in Chapter 3, "Authentication Configuration on Cisco Routers," a high-level overview is provided here for the configuration of Cisco IOS, CatOS, and PIX OS.

The following steps are performed:

Step 1. Enable the AAA process.

Although AAA is a common protocol seen in most enterprise networks, it is not enabled by default.

Step 2. Define the location, protocol, and secret key for the server communication.

Step 3. Define a method list for authentication.[1]

A method list defines the type of authentication to be performed and the sequence in which to perform it. It must be applied to an interface before the authentication methods are used. There is one exception to this rule: a default list, named "default," is applied automatically to every interface on which a specific list has not been configured.
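The three steps above, carried through on a Cisco IOS router as an added example (this configuration is not from the book; the server address, shared key, the list name CONSOLE, and the credential placeholders are constructed):

```cisco
! Added example (not from the book): the three steps applied to a Cisco IOS router.
! Addresses, keys and credentials are constructed placeholders.
!
! Step 1 - enable the AAA process (it is off by default)
aaa new-model
!
! Step 2 - location, protocol and secret key of the AAA server
! (TACACS+ here; a RADIUS server would use "radius-server host ... key ...")
tacacs-server host 192.0.2.10 key TACACS-KEY-PLACEHOLDER
!
! Step 3 - method lists: which authentication to try, and in what order.
! "default" is applied automatically to every line that has no named list.
aaa authentication login default group tacacs+ local
!
! A named list for the console; it takes effect only once applied to a line.
aaa authentication login CONSOLE group tacacs+ local
!
! Privileged-EXEC (enable) authentication via TACACS+, falling back to the
! locally stored enable secret if no server answers
aaa authentication enable default group tacacs+ enable
!
! Local credentials consulted by the "local" and "enable" fallback methods
username admin secret LOCAL-PASSWORD-PLACEHOLDER
enable secret ENABLE-SECRET-PLACEHOLDER
!
! Apply the named list to the console. The vty lines carry no "login
! authentication" statement, so they inherit the "default" list.
line con 0
 login authentication CONSOLE
line vty 0 4
```

The order of methods in a list matters: with `group tacacs+ local`, the router consults the local username database only when no TACACS+ server responds, not when a server rejects the login, so an unreachable server degrades to local accounts rather than to open access. The equivalent CatOS and PIX OS commands use different syntax and are left to Chapter 3.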

Once again, this follows the example of the airlines: as users attempt to access a network service, they are given an authentication prompt. The users can then prove that they are who they say they are. In your network environment, this prompt can be served up by a Telnet application, a File Transfer Protocol (FTP) application, or a web application. You can also use virtual authentication methods such as virtual Hypertext Transfer Protocol (HTTP) and virtual Telnet. Refer to the Cisco Secure PIX Firewall Advanced book for more information.

If users need access to other resources, one of the previously mentioned methods of access must be performed first or an alternative method such as virtual Telnet must be used. This is simply a method of delivering an authentication prompt to the user.

All the methods for authentication on Cisco routers are required to use AAA with the exception of local, line, and enable passwords.

NOTE

By using the term methods here, we are talking about authentication methods. These can include but are not limited to line authentication, enable authentication, and login authentication.


Although you can store an enable password on the device itself, this doesn't scale, and the password can be viewed in clear text in the device's configuration file unless you use the enable secret option. The other options discussed here for authenticating local, line, and enable passwords are covered in greater depth in Chapter 3.
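The difference between the two enable options as it shows up in the running configuration, as an added example not taken from the book (the password and secret values are constructed placeholders, and the type 5 line illustrates the format rather than a real hash):

```cisco
! Added example (not from the book): how the enable credential is stored
! under each option. All values are constructed placeholders.
!
! Weak: "show running-config" displays this exactly as typed
enable password Weak-Plaintext-Placeholder
!
! Still weak: "service password-encryption" only applies the reversible
! type 7 encoding to it, which hides the string from a casual glance but
! offers no real protection once the configuration file is obtained.
! The running configuration would then show:
!   enable password 7 <type-7 string>
service password-encryption
!
! Preferred: "enable secret" stores a salted MD5 hash (type 5 on the IOS
! releases the book covers); the clear text never appears in the configuration.
! The running configuration shows:
!   enable secret 5 $1$<salt>$<hash>
enable secret Strong-Secret-Placeholder
!
! When both are configured the secret takes precedence and the "enable
! password" line is ignored, so remove it rather than leave it behind.
no enable password
```

Because the enable password is the one credential an operator typically shares out of band, whether the configuration file itself can reveal it is the practical test: a backup, a TFTP copy, or a pasted `show running-config` exposes a clear-text or type 7 value, while a type 5 secret must be attacked offline.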




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
Year: 2006
Pages: 173