AAA enables dynamic configuration of the type of authentication and
authorization on a per-line (per-user) or per-service (for example, IP, IPX, or
VPDN) basis. Define the type of authentication and authorization by creating
method lists, and then applying those method lists to specific services or
interfaces.
A method list is a sequential list that defines the
authentication methods used to authenticate a user. Method lists enable
designation of one or more security protocols to be used for authentication,
thus ensuring a backup system for authentication in case the initial method
fails. Cisco IOS software uses the first method listed to authenticate users;
if that method does not respond, Cisco IOS software selects the next
authentication method in the method list. This process continues until there is
successful communication with a listed authentication method, or until the
authentication method list is exhausted, in which case authentication
fails.
NOTE: Cisco IOS software attempts authentication with the next listed
authentication method only when there is no response from the previous method.
If any device denies authentication, the authentication process stops; no other
authentication methods are attempted.
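The fallback rule in the note above, as an added Python model (not Cisco code and not part of the original page): a method that does not respond lets the next one run, while a method that answers with a denial ends the attempt. The method names, user names, and passwords are constructed sample data.

```python
from enum import Enum

class Reply(Enum):
    PASS = "pass"                # method answered and accepted the user
    FAIL = "fail"                # method answered and denied the user
    NO_RESPONSE = "no-response"  # method did not answer (timeout, unreachable)

def authenticate(method_list, user, password):
    """Walk an ordered method list; return (granted, trace of (name, reply))."""
    trace = []
    for name, method in method_list:
        reply = method(user, password)
        trace.append((name, reply))
        if reply is Reply.PASS:
            return True, trace
        if reply is Reply.FAIL:
            # An explicit denial stops the process; later methods are never tried.
            return False, trace
        # NO_RESPONSE: fall through to the next listed method.
    return False, trace  # list exhausted without any method responding

def make_db(db):
    """Build a method that always responds, backed by a user/password dict."""
    def check(user, password):
        return Reply.PASS if db.get(user) == password else Reply.FAIL
    return check

def unreachable(user, password):
    """A method that never responds, e.g. a security server that is down."""
    return Reply.NO_RESPONSE

# Constructed sample credentials (assumptions for illustration only).
SERVER_DB = {"alice": "server-pw"}
LOCAL_DB = {"alice": "local-pw", "admin": "break-glass"}

if __name__ == "__main__":
    up = [("server", make_db(SERVER_DB)), ("local", make_db(LOCAL_DB))]
    down = [("server", unreachable), ("local", make_db(LOCAL_DB))]
    cases = [
        ("server up, server denies", up, "alice", "local-pw"),
        ("server down, local answers", down, "alice", "local-pw"),
        ("every method silent", [("server", unreachable)], "alice", "server-pw"),
    ]
    for label, methods, user, pw in cases:
        granted, trace = authenticate(methods, user, pw)
        print(label, granted, [(n, r.value) for n, r in trace])
```

The first case is the one to watch when reviewing a method list: a backup method only helps during an outage of the earlier method, never after that method has answered with a denial.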
First, decide what kind of security solution should be implemented.
Assess the security risks in the particular network and decide on the
appropriate means to prevent unauthorized entry and attack.
Figure shows a table that illustrates the AAA process based on the graphic in Figure .