12.1 Cisco Access-Control Solutions
12.1.4 Router Access Modes

Understanding router access modes is the key to understanding the AAA commands and how they work to secure your NAS.

With the exception of the aaa accounting system command, all the AAA commands apply to either character mode or packet mode. The Table can help you decode the meaning of an AAA command by associating the AAA command element with the connection mode to the router.

Primary applications for the Cisco Secure ACS include securing dialup access to a network and securing the management of routers within a network. Both applications have unique AAA requirements. With the Cisco Secure ACS, system administrators can select a variety of authentication methods to provide a set of authorization privileges. These router ports need to be secured by using the Cisco IOS software and a Cisco Secure server.

The AppleTalk Remote Access Protocol (ARAP) is an exception. ARAP behaves as both a character-mode and packet-mode connection. For example, ARAP authentication takes place in character mode, whereas ARAP access lists apply to packet mode.