
330 Chapter 8 • Securing your Remote Access Network
If AAA information is held locally, user AAA account information is held
on the router or access server itself. These accounts are created through
the Cisco IOS and are used to permit or deny user access. When using this
solution, AAA negotiation is performed internally within Cisco IOS, and is
therefore protocol-independent. However, only a limited number of Cisco-
specific security attribute values are supported.
When using server-based remote AAA, the router or network access
server negotiates with a remote AAA security server to determine whether
a user is to be allowed access. User and group infor ...