C H A P T E R 12

Configuring Security Features

This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for implementing selected security features that can be configured on the Cisco 1800 integrated services fixed-configuration routers.

Note Individual router models may not support every feature described throughout this guide. Features not supported by a particular router are indicated whenever possible.

This chapter contains the following sections:

Authentication, Authorization, and Accounting

Configuring AutoSecure

Configuring Access Lists

Configuring a CBAC Firewall

Configuring Cisco IOS Firewall IDS

Configuring VPNs

Each section includes a configuration example and verification steps, where available.

Authentication, Authorization, and Accounting

AAAnetwork security services provide the primary framework through which you set up access control on your router. Authentication provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you choose, encryption. Authorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.

AAAuses protocols such as RADIUS, TACACS+, or Kerberos to administer its security functions. If your router is acting as a network access server, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS+, or Kerberos security server.

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

 

OL-6426-02

12-1

 

 

 

Page 121
Image 121
Cisco Systems OL-6426-02 manual Configuring Security Features, Authentication, Authorization, and Accounting, 12-1