Chapter 24. Authentication in Cisco Devices
Authentication refers to the process of verifying a user's identity. When a router challenges you for a login username and password, this is an example of authentication.
Authentication in Cisco devices is divided into two major types: normal and AAA (Authentication, Authorization, and Auditing).
Basic (Non-AAA) Authentication
Non-AAA authentication is the basic authentication capability built into a router or other network device's operating system. Non-AAA authentication does not require access to an external server. It is very simple to set up and maintain, but lacks flexibility and scalability. Using locally defined usernames as an example, each username needs to be configured locally in the router. Imagine a scenario where a single user might connect to any of a number of devices, such as at an ISP. The user configurations would have to be maintained across all devices, and the ISP might have tens of thousands of users. With each user needing a line of configuration in the router, the configuration for the router would be hundreds of pages long.
Normal authentication is good for small-scale authentication needs, or as a backup to AAA.
Line Passwords
Lines are logical or physical interfaces on a router that are
used for management of the router. The console and aux port on a router are lines, as
are the logical VTY interfaces used for telnet and SSH. Configuring a password on a line
is a simple matter of adding it with the password command: ...
Get Network Warrior now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
