To have a complete security policy in place, authorization, authentication, and accounting
(AAA) must be implemented on a network. AAA not only allows full control over dial-up connections,
but login and exec access to devices. Tracking and auditing is accomplished through
the accounting services in AAA.
CiscoSecure is software that allows for centralized control over access to every device in your
network. It will run on Windows NT and Unix and provides RADIUS as well as TACACS+
authentication, authorization, and accounting services.
The two access modes, which are controlled by AAA, are character-mode and packet-mode
connections. Character-mode connections usually terminate at the access server or router, and
packet-mode connections are those that pass traffic through an access server or router.
Configuration of AAA services for Cisco devices has many facets. The administrator must
first configure how to authenticate users and then define which services those users will be
allowed to access. The optional accounting feature can be used to audit the user’s activity on
the system.
The use of a virtual template is a technology that enables the security server to supply the
access server with user-specific dialer profile information. Instead of each access server containing
user-specific dialer profile information, this information is kept on the security server and
downloaded to the access server when the user is authenticated.