A P P E N D I X A
Token Card and Cisco Secure Authentication Support
This appendix provides Token Card and Cisco Secure Authentication support concepts as they apply to the Cisco 700 series router. Cisco Secure Authentication Agent supports
Token cards are considered the most secure authentication solution available. There are two kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure Authentication Agent only supports synchronous token card, which does not need a challenge from a token server to generate a token.
Figure A-1 shows the connection between the client and the token server.
Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server Connection
LAN ISDN
Cisco Secure AA Cisco 700 client
LAN | LAN |
NAS Authentication
Authorization
Accounting
10259
Token server
The following steps illustrate how a link is established using a profile:
Step 1 Demand traffic or a call command makes a connection.
Step 2 The router sends a User Datagram Protocol (UDP) packet to a Token Authorization agent (also known as Cisco Secure Authentication Agent), requesting a username and password for PAP and CHAP. If Token Authorization Support (TAS) is set to central, the router always sends the authentication information request to the designated client.
Token Card and Cisco Secure Authentication Support