Chapter 26. Authentication in Cisco Devices
Authentication refers to the process of verifying a userâs identity. When a router challenges you for a login username and password, this is an example of authentication.
Authentication in Cisco devices is divided into two major types: normal and AAA (Authentication, Authorization, and Auditing).
Basic (Non-AAA) Authentication
Non-AAA authentication is the basic authentication capability built into a router or other network deviceâs operating system. Non-AAA authentication does not require access to an external server. It is very simple to set up and maintain, but lacks flexibility and scalability. Using locally defined usernames as an example, each username needs to be configured locally in the router. Imagine a scenario where a single user might connect to any of a number of devices, such as at an ISP. The user configurations would have to be maintained across all devices, and the ISP might have tens of thousands of users. With each user needing a line of configuration in the router, the configuration for the router would be hundreds of pages long.
Normal authentication is good for small-scale authentication needs or as a backup to AAA.
Line Passwords
Lines are logical or physical interfaces on a router that are used for
management of the router. The console and aux port on a router are
lines, as are the logical VTY interfaces used for Telnet and SSH. Configuring a password
on a line is a simple matter of adding it with the password ...
Get Network Warrior, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.