Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems 700 manual Token Card and Cisco Secure Authentication Support

Models: 700

1 87

Download 87 pages 6.75 Kb

Page 79

A P P E N D I X A

Token Card and Cisco Secure Authentication Support

This appendix provides Token Card and Cisco Secure Authentication support concepts as they apply to the Cisco 700 series router. Cisco Secure Authentication Agent supports single-user mode, which extends B channel authentication to a Cisco Secure Authentication Agent client.

Token cards are considered the most secure authentication solution available. There are two kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure Authentication Agent only supports synchronous token card, which does not need a challenge from a token server to generate a token.

Figure A-1 shows the connection between the client and the token server.

Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server Connection

LAN ISDN

Cisco Secure AA Cisco 700 client

LAN

LAN

NAS Authentication

Authorization

Accounting

10259

Token server

The following steps illustrate how a link is established using a profile:

Step 1 Demand traffic or a call command makes a connection.

Step 2 The router sends a User Datagram Protocol (UDP) packet to a Token Authorization agent (also known as Cisco Secure Authentication Agent), requesting a username and password for PAP and CHAP. If Token Authorization Support (TAS) is set to central, the router always sends the authentication information request to the designated client.

Token Card and Cisco Secure Authentication Support A-1

Image 79

Cisco Systems 700 manual Token Card and Cisco Secure Authentication Support

Contents

Cisco 700 Series Router Configuration Guide Page N T E N T S Chapter Using Chap Chapter Configuring Dhcp Relay, Dhcp Server, and PAT Token Caching A-2 About This Manual Related Documentation Conventions Set systemname systemname Supported Protocols OverviewSoftware Images Administrative Configuration Options 4Cisco700 Series Router Command Reference Profile Overview Using Profiles with Cisco 700 Series RoutersProfiles and Connections System and Profile ParametersProfile Mode Parameter Set System Mode Parameter SetPermanent Profiles Lists the parameters that can be configured in a profileHost set user tomd Displaying Profile ConfigurationsCreating and Modifying Profiles Removing Profile-Based ValuesChanging Profile Names HostProfile reset user tomdIncoming Calls Deleting ProfilesOutgoing Calls 8Cisco700 Series Router Configuration Guide Basic Configuration Concepts Basic ConfigurationsProfiles Bridges and RoutersLANs and WANs Show config Current ConfigurationRemote and Central Sites Host show configSet def Password and SecretStarting Point Additional ReferenceSet autodetection on Setting Spid Autodetection North America onlySet switch dms Setting SPIDs Manually North America onlyBridging Example Bridging with a Cisco 700 Series RouterCisco 700 Series Router Bridging Instructions Routing IP with a Cisco 700 Series Router to an ISPConnecting to an ISP-Example Configuration Set user isp Set number Routing IP to a Central SiteRouting a Cisco 700 Series Router to an ISP Instructions Set system 764 cd lan Set ip addressRouting IP to a Central Site-Example Configuration Set system remote765 set multidestination on cd LAN Central Site IP Routing Command SummarySet ppp auth in chap set ppp secret host cd lan Routing IP and IPX On-DemandRouting IP and IPX On-Demand-Example Configuration Cd LAN On-Demand IP and IPX Routing with PPP InstructionsSet bridging off Central Site On-Demand IP and IPX Routing with PPP Commands18Cisco 700 Series Router Configuration Guide Using Chap Spid Detection North America only IP Static Routing and Callback with Chap AuthenticationSet ip rip version 2 set user Remote Cisco 765 Command SummarySet switch 5ess Set ip rip update off set timeoutIP Static Routing with Chap Authentication and MLP Demand 2 threshold 32 duration 5 set active Reboot Set ip rip update periodic set user Set ppp secret clientIP Static Routing with PAP Authentication IP Static Routing with PAP Authentication and MLPSet bridging off set timeout 360 set active reboot IP Unnumbered Static Routing and Chap with MLP IP Unnumbered Routing and Chap Authentication with MLPSet ppp secret host cd lan IP Static and IPX Static Routing with PPP IP Static and IPX Static Routing with Chap and MLPSet multidestination on Set ip rip update periodic set user4500 IPX Static Routing with Chap and MLPSet ipx rip update periodic set user Dynamic Routing Protocols Multilink PPP EncapsulationSet ppp multilink off Bridging to a Router Running Cisco IOS Software 16Cisco700 Series Router Configuration Guide Configuring Dhcp Relay, Dhcp Server, and PAT Dhcp Server Application Notes Dhcp DescriptionDhcp Relay Application Notes PAT DescriptionPAT Application Notes Ipcp Address Negotiation Application Notes Ipcp DescriptionSet ip framing none PPP Ipcp Negotiation Example Cisco 765 Series Router CommandsDhcp Relay with Ipcp Negotiation Example Verify the ConfigurationSet system Dhcp Server with Ipcp Negotiation Example Set dhcp gateway primary 172.168.1.1 cd lan Set dhcp serverSet user PAT with Ipcp Single-Destination Negotiation PAT with Ipcp Single-Destination Negotiation ExampleSet system Set ip pat po ftp 10.0.0.2 cd lan Dhcp Server with PAT and Ipcp Single-Destination Negotiation Set active Dhcp server Cisco Isdn network Set ip netmask 255.255.255.0 set ip pat on Verify the Configuration 16Cisco700 Series Router Configuration Guide Configuring Remote Capi Capi and RVS-COM Supported D-Channel Protocols Remote Capi Router CommandsSupported Applications Rcapi Command Summary Configuring the Cisco 700 Router as an Rcapi ServerSet rcapi on Set dir Local-router show rcapi status 6Cisco700 Series Router Configuration Guide Token Card and Cisco Secure Authentication Support Token Caching Figure A-2 PAP Client Packet 4Cisco700 Series Router Configuration Guide D E ISP Ipxcp RIP ARP BCP Chap Dhcp Icmp Ipcp Ipxcp ISDN-DCP Mlppp PAP PAT