Technical data

7-2 Dial Solutions Quick Configuration Guide
Local Versus Remote Server Authentication
This section describes the differences between local and remote security databases and the basic
authentication process for each. Remote security databases described in this chapter include
Terminal Access Controller Access Control System with Cisco proprietary enhancements
(TACACS+) and Remote Authentication Dial-In User Service (RADIUS).
Generally, the size of the network and the type of corporate security policies and controls determine
whether you use a local or remote security database.
Local Security Database
If you have one or two access servers providing access to your network, you probably want to store
username and password security information on the Cisco access server. This is referred to as local
authentication. (See Figure 7-1.)
Figure 7-1 Local Security Database
A local security database is useful if you have very few access servers providing network access. A
local security database does not require a separate (and costly) security server.
Remote Security Database
As your network grows, you need a centralized security database that provides username and
password information to each of the access servers on the network. This centralized security
database resides in a security server. (See Figure 7-2.)
An example of a remote security database server is the CiscoSecure product from Cisco Systems,
Inc. CiscoSecure is a UNIX security daemon solution, with which the administrator creates a
database that defines the network users and their privileges. CiscoSecure uses a central database that
stores user and group profiles with authentication and authorization information.
The Cisco access server exchanges user authentication information with a TACACS+ or RADIUS
database on the security server by transmitting encrypted TACACS+ or RADIUS packets across the
network.
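The access server to security server exchange described above, narrowed to RADIUS, as an added example that is not from the Cisco guide: it builds an Access-Request as RFC 2865 specifies and shows that only the User-Password attribute is hidden with the shared secret, while User-Name and the rest of the packet cross the network in clear text. The user name, password, and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2   # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR 16-byte blocks with an MD5-derived pad."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev                       # each pad chains on the previous block
    return out

def recover_password(hidden, secret, authenticator):
    """What the security server does with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, pad))
    return out.rstrip(b"\x00")

def access_request(identifier, username, password, secret, authenticator=None):
    """Build an Access-Request (code 1) carrying User-Name and User-Password."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, username), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Read the packet as any observer on the network path could."""
    attrs, pos = {}, 20                   # 20-byte header precedes the attributes
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute")
        attr_type, length = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":                # constructed sample values below
    pkt = access_request(7, b"jdoe", b"correct horse battery", b"constructed-secret")
    print(parse_attributes(pkt))
```

The protection of the password rests entirely on the shared secret configured on both the access server and the security server, so that secret needs the same care as the passwords it covers.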
(Figure 7-1 labels: Small corporate network (remote office) with only one dial-in access server; Cisco 2511; NT server; Macintosh server; UNIX server; single dial-in access server, small number of ports; security database stored locally.)