Chapter 26. Authentication in Cisco Devices
Authentication refers to the process of verifying a user’s identity. When a router challenges you for a login username and password, this is an example of authentication.
Authentication in Cisco devices is divided into two major types: normal and AAA (Authentication, Authorization, and Auditing).
Basic (Non-AAA) Authentication
Non-AAA authentication is the basic authentication capability built into a router or other network device’s operating system. Non-AAA authentication does not require access to an external server. It is very simple to set up and maintain, but lacks flexibility and scalability. Using locally defined usernames as an example, each username needs to be configured locally in the router. Imagine a scenario where a single user might connect to any of a number of devices, such as at an ISP. The user configurations would have to be maintained across all devices, and the ISP might have tens of thousands of users. With each user needing a line of configuration in the router, the configuration for the router would be hundreds of pages long.
Normal authentication is good for small-scale authentication needs or as a backup to AAA.
Lines are logical or physical interfaces on a router that are used for
management of the router. The console and aux port on a router are
lines, as are the logical VTY interfaces used for Telnet and SSH. Configuring a password
on a line is a simple matter of adding it with the
password command: ...