Cisco Systems 700 manual Token Caching

Page 80

Token Caching

Otherwise, the router sends the request to the source of the interesting packet received if the interesting packet is an IP packet. The router sends the request to the designated client if the interesting packet is not an IP packet.

Step 3 The agent software recognizes the UDP/IP packet and opens an authentication window on the terminal. The user enters the username and token. The agent organizes the information into the PAP and CHAP username and password, based on the router configuration. It then sends the username and password back to the router as a reply packet.

Step 4 The reply packet is received, and the router opens an ISDN connection with Network Access Server (NAS).

Step 5 The router negotiates all line-control protocol options, including which authentication protocol to use (PAP or CHAP).

Step 6 Depending on which authentication protocol is negotiated, the router assembles a PAP request or CHAP response packet and sends it to NAS. If authentication fails, NAS passes the failure message from authentication, authorization, and accounting (AAA) to the router. The router sends one more request to the agent with a message to retry once more. If authentication fails again, the router sends another PAP request with the pppautheninfotype parameter set to message-onlyto inform the Cisco Secure Authentication Agent client that the authentication failed again and that the router has stopped authorization attempts.

Token Caching

Cisco 700 series routers do not do token caching. A token is cached at the client, and the client sends the router the cached token in response to the authentication request from a link that uses a multilink PPP bundle. With its built-in algorithm, the agent can also generate a new token, called a soft token, instead of prompting the user to enter a new hard token.

There are two authentication modes, PAP and CHAP local secret, shown in the following figures.

A-2Cisco700 Series Router Configuration Guide

Image 80
Contents Cisco 700 Series Router Configuration Guide Page N T E N T S Chapter Using Chap Chapter Configuring Dhcp Relay, Dhcp Server, and PAT Token Caching A-2 About This Manual Related Documentation Conventions Set systemname systemname Overview Supported ProtocolsSoftware Images Administrative Configuration Options 4Cisco700 Series Router Command Reference Using Profiles with Cisco 700 Series Routers Profile OverviewSystem and Profile Parameters Profiles and ConnectionsSystem Mode Parameter Set Profile Mode Parameter SetLists the parameters that can be configured in a profile Permanent ProfilesDisplaying Profile Configurations Creating and Modifying ProfilesRemoving Profile-Based Values Host set user tomdHostProfile reset user tomd Incoming CallsDeleting Profiles Changing Profile NamesOutgoing Calls 8Cisco700 Series Router Configuration Guide Basic Configurations Basic Configuration ConceptsLANs and WANs Bridges and RoutersProfiles Current Configuration Show configHost show config Remote and Central SitesPassword and Secret Starting PointAdditional Reference Set defSetting Spid Autodetection North America only Set autodetection onSetting SPIDs Manually North America only Set switch dmsBridging with a Cisco 700 Series Router Bridging ExampleRouting IP with a Cisco 700 Series Router to an ISP Cisco 700 Series Router Bridging InstructionsConnecting to an ISP-Example Configuration Routing IP to a Central Site Routing a Cisco 700 Series Router to an ISP InstructionsSet system 764 cd lan Set ip address Set user isp Set numberRouting IP to a Central Site-Example Configuration Central Site IP Routing Command Summary Set system remote765 set multidestination on cd LANRouting IP and IPX On-Demand Set ppp auth in chap set ppp secret host cd lanRouting IP and IPX On-Demand-Example Configuration On-Demand IP and IPX Routing with PPP Instructions Cd LANCentral Site On-Demand IP and IPX Routing with PPP Commands Set bridging off18Cisco 700 Series Router Configuration Guide Using Chap IP Static Routing and Callback with Chap Authentication Spid Detection North America onlyRemote Cisco 765 Command Summary Set switch 5essSet ip rip update off set timeout Set ip rip version 2 set userIP Static Routing with Chap Authentication and MLP Set ip rip update periodic set user Set ppp secret client Demand 2 threshold 32 duration 5 set active RebootIP Static Routing with PAP Authentication and MLP IP Static Routing with PAP AuthenticationSet bridging off set timeout 360 set active reboot IP Unnumbered Routing and Chap Authentication with MLP IP Unnumbered Static Routing and Chap with MLPSet ppp secret host cd lan IP Static and IPX Static Routing with Chap and MLP IP Static and IPX Static Routing with PPPSet ip rip update periodic set user Set multidestination onIPX Static Routing with Chap and MLP 4500Set ipx rip update periodic set user Set ppp multilink off Multilink PPP EncapsulationDynamic Routing Protocols Bridging to a Router Running Cisco IOS Software 16Cisco700 Series Router Configuration Guide Configuring Dhcp Relay, Dhcp Server, and PAT Dhcp Description Dhcp Server Application NotesPAT Application Notes PAT DescriptionDhcp Relay Application Notes Set ip framing none Ipcp DescriptionIpcp Address Negotiation Application Notes Cisco 765 Series Router Commands PPP Ipcp Negotiation ExampleSet system Verify the ConfigurationDhcp Relay with Ipcp Negotiation Example Dhcp Server with Ipcp Negotiation Example Set user Set dhcp serverSet dhcp gateway primary 172.168.1.1 cd lan PAT with Ipcp Single-Destination Negotiation Example PAT with Ipcp Single-Destination NegotiationSet system Set ip pat po ftp 10.0.0.2 cd lan Dhcp Server with PAT and Ipcp Single-Destination Negotiation Set active Dhcp server Cisco Isdn network Set ip netmask 255.255.255.0 set ip pat on Verify the Configuration 16Cisco700 Series Router Configuration Guide Configuring Remote Capi Capi and RVS-COM Supported Applications Remote Capi Router CommandsSupported D-Channel Protocols Set rcapi on Set dir Configuring the Cisco 700 Router as an Rcapi ServerRcapi Command Summary Local-router show rcapi status 6Cisco700 Series Router Configuration Guide Token Card and Cisco Secure Authentication Support Token Caching Figure A-2 PAP Client Packet 4Cisco700 Series Router Configuration Guide D E ISP Ipxcp RIP ARP BCP Chap Dhcp Icmp Ipcp Ipxcp ISDN-DCP Mlppp PAP PAT
Related manuals
Manual 8 pages 18.06 Kb