Security Configuration
Configuring Authentication
For specific information about the interaction between the security server and the access server, refer
to the Security Configuration Guide.
Figure 7-2 Remote Security Database
A remote, centralized security database is useful when you have a large number of access servers
providing network access. It removes the need to update each access server with new or changed
authentication and authorization information for potentially hundreds of thousands of dial-in
network users. A centralized security database also helps establish consistent remote access policies
throughout a corporation.
Configuring Authentication
Using the AAA facility, you can authenticate users with either a local or a remote security database.
For more information about local and remote security databases, refer to the previous
section “Local Versus Remote Server Authentication.”
Whether you maintain a local or remote security database, or use TACACS+ or RADIUS
authentication and authorization, the process of configuring the access server for these different
databases and protocols is similar. The basic process of configuring the Cisco IOS software for
authentication requires the following tasks:
1. Securing Access to Privileged EXEC and Configuration Mode
2. Enabling Communication between the Access Server and the Security Server
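The following check is an added example, not part of the original guide or of Cisco's software: it audits a running-config excerpt for the two tasks listed above. It assumes a remote security server deployment and the classic global command forms (enable secret, aaa new-model, tacacs-server / radius-server host and key); both sample configurations, the 192.0.2.10 address, the keys and the hash are constructed placeholders.

```python
# Added example: audits a running-config excerpt for the two tasks listed above.
# Both configurations are constructed samples; addresses, keys and hashes are placeholders.
WEAK_CONFIG = """\
hostname as5200-1
enable password PLACEHOLDER-CLEARTEXT
line vty 0 4
 password PLACEHOLDER-CLEARTEXT
 login
"""

HARDENED_CONFIG = """\
hostname as5200-1
enable secret 5 $1$PLACEHOLDER$CONSTRUCTEDHASH
aaa new-model
aaa authentication login default tacacs+ local
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER-SHARED-KEY
"""


def audit(config):
    """Return a list of findings; an empty list means both tasks are covered."""
    lines = [line.strip() for line in config.splitlines()]

    def has(prefix):
        return any(line.startswith(prefix) for line in lines)

    findings = []
    # Task 1: privileged EXEC should be protected by a hashed 'enable secret'.
    if not has("enable secret "):
        findings.append("task 1: no 'enable secret' configured")
    if has("enable password "):
        findings.append("task 1: 'enable password' present (clear text or reversible type 7)")
    # 'aaa new-model' enables the AAA facility.
    if not has("aaa new-model"):
        findings.append("aaa: 'aaa new-model' missing")
    # Task 2: a remote security server needs an address and a shared key.
    servers = [p for p in ("tacacs", "radius") if has(p + "-server host ")]
    if not servers:
        findings.append("task 2: no tacacs-server or radius-server host defined")
    for proto in servers:
        inline_key = any(l.startswith(proto + "-server host ") and " key " in l for l in lines)
        if not (has(proto + "-server key ") or inline_key):
            findings.append("task 2: %s-server host has no shared key" % proto)
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

An access server that deliberately uses only a local security database will report the task 2 finding; that is expected for that design.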
[Figure 7-2 labels: Large corporate network with many dial-in access servers; Cisco AS5200 access servers with 48 dial-in ports on each; Macintosh, Novell, UNIX, and Windows NT servers; routers; TACACS+ server or RADIUS server. Remote security server provides centralized security database to all dial-in access servers.]