Centralized Security
in Remote Access
Networks
THE CCNP EXAM TOPICS COVERED IN THIS
CHAPTER INCLUDE THE FOLLOWING:
Know the security features of CiscoSecure and the
operation of a CiscoSecure server.
Understand the commands and procedures used to configure
routers to access a CiscoSecure server and to use AAA.
Know the commands used to configure AAA on a router to
control access from remote access clients.
Remote access encompasses two elements:
The communications channel between two points, or the
connection
Access control, or determining who or what can access the
network and its data
These concepts are known as
authentication, authorization, and accounting (AAA)
. AAA
is Cisco’s way of explaining the access control components and processes, and it is the topic
of this chapter.
This book has covered many of the fundamental elements of authentication and authorization—
particularly in the context of Challenge Handshake Authentication Protocol, or CHAP (see
Chapter 24, “Point-to-Point Protocol”). This chapter explores these concepts further, but the discussion
focuses more on the theoretical concepts of security and Cisco’s preferred implementation
of each of these concepts. AAA services are essential to providing centralized access control services,
which is a recurrent theme in this chapter and most Cisco security implementations