Cisco 520-T1 Software Guide - Page 107
Configuring Security Features, Authentication, and Accounting
UPC - 882658299889
View all Cisco 520-T1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
11 C H A P T E R Configuring Security Features This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for implementing selected security features that can be configured on the Cisco Secure Router 520 Series routers. Note Individual router models may not support every feature described throughout this guide. Features not supported by a particular router are indicated whenever possible. This chapter contains the following sections: • Authentication, Authorization, and Accounting • Configuring AutoSecure • Configuring Access Lists • Configuring a CBAC Firewall • Configuring Cisco IOS Firewall IDS • Configuring VPNs Each section includes a configuration example and verification steps, where available. Authentication, Authorization, and Accounting AAA network security services provide the primary framework through which you set up access control on your router. Authentication provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you choose, encryption. Authorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes. AAA uses protocols such as RADIUS, TACACS+, or Kerberos to administer its security functions. If your router is acting as a network access server, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS+, or Kerberos security server. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 11-1