Define the Security Server
You must define one or more security servers to provide the authentication services. The server or servers can be TACACS+, RADIUS, or both. The method lists specified in the authentication, authorization, and accounting commands determine which type of server is used for each service and, if both are specified, in which order. If multiple servers of either type are specified, the Cisco IOS software searches for hosts in the order in which they’re specified.
Both protocols support Timeout Timer options for defining how long the device will wait for a reply from the specified host before moving on to any remaining server. Both also support Key options, which, if configured on both the server and the firewall router, provide a level of device authentication. The key, if defined, travels in the request packet and is treated as a password or authentication token by the server. If the key doesn’t match the one configured on the server, the request is denied.
The protocol-server host command is used to define the security server. The TACACS+ and RADIUS versions of the command are quite similar, but the RADIUS version has more options.
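The following configuration is an added example, not part of the original article, showing two TACACS+ servers and one RADIUS server defined with the Timeout and Key options and then referenced from a method list. It assumes the classic IOS tacacs-server host and radius-server host syntax; the addresses are documentation-range placeholders and the key strings are placeholders to be replaced with the secret configured on each server.

```cisco
! Added example: constructed addresses and placeholder keys.
aaa new-model
!
! TACACS+ servers are tried in the order they are entered.
! 192.0.2.10 is queried first; if no reply arrives within 5 seconds,
! the router moves on to 192.0.2.11.
! Put "key" last on the line: everything after it is read as the key.
tacacs-server host 192.0.2.10 timeout 5 key TACACS-KEY-PLACEHOLDER-1
tacacs-server host 192.0.2.11 timeout 5 key TACACS-KEY-PLACEHOLDER-2
!
! The RADIUS form accepts more options: separate authentication and
! accounting ports and a per-server retransmit count.
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 timeout 5 retransmit 2 key RADIUS-KEY-PLACEHOLDER
!
! The method list decides which server type is used and in what order:
! TACACS+ first, then RADIUS, then the local user database if no
! server answers at all.
aaa authentication login default group tacacs+ group radius local
```

A later method in the list is consulted only when the earlier one returns no response; a reject from a reachable server ends the attempt, so keep a local account for the case where every server is unreachable.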