O'Reilly logo

Hardening Cisco Routers by Thomas Akin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 3. Basic Access Control

This chapter addresses what most people think about when they start to secure a router—authenticating users and restricting access. There are many more ways to access Cisco routers than most network administrators realize. Each of these methods can have different authentication methods and can be set to allow various levels of privilege access. It is important that all methods of access are either secured or disabled. The chapter briefly discusses the differences between authentication and authorization and then moves on to the fundamentals of how Cisco routers handle controlling and protecting access.

Authentication Versus Authorization

Access control involves both authentication and authorization. People often confuse the two. Authentication is the process of identifying a user; authorization restricts what a user is allowed to do. Cisco router authentication controls can be divided into two main categories—those that use the AAA (authentication, authorization, accounting) access methods and those that don’t. The non-AAA methods include line authentication (console, auxiliary, and VTY ports), local username authentication, and Terminal Access Controller Access Control System (TACACS) or extended TACACS authentication. The AAA authentication methods add TACACS+, RADIUS, and Kerberos. AAA provides much greater control over authentication, authorization, and accounting than do non-AAA methods. While Cisco calls ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required