Cisco Systems 700 guide

A P P E N D I X A

Token Card and Cisco Secure Authentication Support

This appendix provides Token Card and Cisco Secure Authentication support concepts as they apply to the Cisco 700 series router. Cisco Secure Authentication Agent supports single-user mode, which extends B channel authentication to a Cisco Secure Authentication Agent client.

Token cards are considered the most secure authentication solution available. There are two kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure Authentication Agent only supports synchronous token card, which does not need a challenge from a token server to generate a token.

Figure A-1 shows the connection between the client and the token server.

Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server Connection

LAN ISDN

Cisco Secure AA Cisco 700 client

LAN

LAN

NAS Authentication

Authorization

Accounting

10259

Token server

The following steps illustrate how a link is established using a profile:

Step 1 Demand traffic or a call command makes a connection.

Step 2 The router sends a User Datagram Protocol (UDP) packet to a Token Authorization agent (also known as Cisco Secure Authentication Agent), requesting a username and password for PAP and CHAP. If Token Authorization Support (TAS) is set to central, the router always sends the authentication information request to the designated client.

Token Card and Cisco Secure Authentication Support A-1

Image 79

Cisco Systems 700 manual Token Card and Cisco Secure Authentication Support

Contents

Cisco 700 Series Router Configuration Guide Page N T E N T S Chapter Using Chap Chapter Configuring Dhcp Relay, Dhcp Server, and PAT Token Caching A-2 About This Manual Related Documentation Conventions Set systemname systemname Supported Protocols Overview Software Images Administrative Configuration Options 4Cisco700 Series Router Command Reference Profile Overview Using Profiles with Cisco 700 Series Routers Profiles and Connections System and Profile Parameters Profile Mode Parameter Set System Mode Parameter Set Permanent Profiles Lists the parameters that can be configured in a profile Host set user tomd Displaying Profile ConfigurationsCreating and Modifying Profiles Removing Profile-Based Values Changing Profile Names HostProfile reset user tomdIncoming Calls Deleting Profiles Outgoing Calls 8Cisco700 Series Router Configuration Guide Basic Configuration Concepts Basic Configurations Profiles Bridges and RoutersLANs and WANs Show config Current Configuration Remote and Central Sites Host show config Set def Password and SecretStarting Point Additional Reference Set autodetection on Setting Spid Autodetection North America only Set switch dms Setting SPIDs Manually North America only Bridging Example Bridging with a Cisco 700 Series Router Cisco 700 Series Router Bridging Instructions Routing IP with a Cisco 700 Series Router to an ISP Connecting to an ISP-Example Configuration Set user isp Set number Routing IP to a Central SiteRouting a Cisco 700 Series Router to an ISP Instructions Set system 764 cd lan Set ip address Routing IP to a Central Site-Example Configuration Set system remote765 set multidestination on cd LAN Central Site IP Routing Command Summary Set ppp auth in chap set ppp secret host cd lan Routing IP and IPX On-Demand Routing IP and IPX On-Demand-Example Configuration Cd LAN On-Demand IP and IPX Routing with PPP Instructions Set bridging off Central Site On-Demand IP and IPX Routing with PPP Commands 18Cisco 700 Series Router Configuration Guide Using Chap Spid Detection North America only IP Static Routing and Callback with Chap Authentication Set ip rip version 2 set user Remote Cisco 765 Command SummarySet switch 5ess Set ip rip update off set timeout IP Static Routing with Chap Authentication and MLP Demand 2 threshold 32 duration 5 set active Reboot Set ip rip update periodic set user Set ppp secret client IP Static Routing with PAP Authentication IP Static Routing with PAP Authentication and MLP Set bridging off set timeout 360 set active reboot IP Unnumbered Static Routing and Chap with MLP IP Unnumbered Routing and Chap Authentication with MLP Set ppp secret host cd lan IP Static and IPX Static Routing with PPP IP Static and IPX Static Routing with Chap and MLP Set multidestination on Set ip rip update periodic set user 4500 IPX Static Routing with Chap and MLP Set ipx rip update periodic set user Dynamic Routing Protocols Multilink PPP EncapsulationSet ppp multilink off Bridging to a Router Running Cisco IOS Software 16Cisco700 Series Router Configuration Guide Configuring Dhcp Relay, Dhcp Server, and PAT Dhcp Server Application Notes Dhcp Description Dhcp Relay Application Notes PAT DescriptionPAT Application Notes Ipcp Address Negotiation Application Notes Ipcp DescriptionSet ip framing none PPP Ipcp Negotiation Example Cisco 765 Series Router Commands Dhcp Relay with Ipcp Negotiation Example Verify the ConfigurationSet system Dhcp Server with Ipcp Negotiation Example Set dhcp gateway primary 172.168.1.1 cd lan Set dhcp serverSet user PAT with Ipcp Single-Destination Negotiation PAT with Ipcp Single-Destination Negotiation Example Set system Set ip pat po ftp 10.0.0.2 cd lan Dhcp Server with PAT and Ipcp Single-Destination Negotiation Set active Dhcp server Cisco Isdn network Set ip netmask 255.255.255.0 set ip pat on Verify the Configuration 16Cisco700 Series Router Configuration Guide Configuring Remote Capi Capi and RVS-COM Supported D-Channel Protocols Remote Capi Router CommandsSupported Applications Rcapi Command Summary Configuring the Cisco 700 Router as an Rcapi ServerSet rcapi on Set dir Local-router show rcapi status 6Cisco700 Series Router Configuration Guide Token Card and Cisco Secure Authentication Support Token Caching Figure A-2 PAP Client Packet 4Cisco700 Series Router Configuration Guide D E ISP Ipxcp RIP ARP BCP Chap Dhcp Icmp Ipcp Ipxcp ISDN-DCP Mlppp PAP PAT