Authentication lets administrators identify who can connect to a router by requiring the user's username and password. Normally, when a user connects to a router remotely by Telnet, the user must supply only a password, and the administrator has no way of knowing the user's username. You can configure local usernames and passwords on a Cisco IOS router, but this does not scale well and is not very secure. Configuring a small set of routers with individual usernames and passwords (IOS syntax: username <username> password <password>) is fine, but doing so for large networks would be difficult to manage. Centrally locating the usernames and passwords is a better solution because only a few devices need to be updated and maintained. In addition, users are not logged and their configuration changes are not monitored unless further configuration changes are made on each individual router.

Example 4-1 shows the terminal session of a remote user accessing a AAA-configured Cisco router by Telnet.

Example 4-1 Username/Password Pair Entry

Sydney>telnet San-Fran

Trying san-fran (

. Open

User Access Verification

Username: drewrocks

Password: xxxxxxxx


As you can see in Example 4-1, the user must enter a valid username and password to gain access to the router. Typically, a database containing the valid usernames resides locally on the router or on a remote security server.
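As an added example (not from the original text), this Python script audits saved IOS configurations and classifies vty login as password-only, local usernames, or central AAA, the three cases described above. The sample configs, passwords, hash and the 192.0.2.10 server address are constructed placeholders, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample configs (not from the page). Passwords, the hash and
# the 192.0.2.10 server address are placeholders.
SAMPLES = {
    "password-only": "line vty 0 4\n password letmein\n login\n",
    "local": "username drewrocks password 0 letmein\n"
             "line vty 0 4\n login local\n",
    "central": "aaa new-model\n"
               "aaa authentication login default group tacacs+ local\n"
               "username fallback secret 5 $1$constructed$hash\n"
               "tacacs-server host 192.0.2.10\n"
               "line vty 0 4\n transport input telnet\n",
}

def audit(config):
    """Report how vty logins are authenticated and which accounts are local."""
    lines = config.splitlines()
    aaa = any(l.strip() == "aaa new-model" for l in lines)
    users = {}  # 'username NAME [options] password|secret ...' entries
    for l in lines:
        m = re.match(r"username (\S+)\s+(?:.*?\s)?(password|secret)\s", l)
        if m:
            users[m.group(1)] = m.group(2)
    # Default login method list, only honoured once 'aaa new-model' is set.
    methods = []
    for l in lines:
        m = re.match(r"aaa authentication login default\s+(.+)", l)
        if m and aaa:
            methods = m.group(1).split()
    # Without AAA, the vty 'login' form decides what the user is asked for.
    in_vty, vty_login = False, None
    for l in lines:
        if not l.startswith(" "):
            in_vty = l.startswith("line vty")
        elif in_vty and l.split()[:1] == ["login"]:
            vty_login = l.strip()
    if "group" in methods:
        mode = "central"        # remote security server (local as fallback)
    elif "local" in methods or vty_login == "login local":
        mode = "local"          # usernames maintained on each router
    elif vty_login == "login":
        mode = "password-only"  # no username, so no per-user identity
    else:
        mode = "unknown"
    # 'password' entries are clear text or reversible type 7; 'secret' is hashed.
    return {"mode": mode, "local_users": users,
            "not_hashed": sorted(u for u, k in users.items() if k == "password")}
```

Running `audit` over every saved configuration in a fleet shows which routers still rely on a shared line password or on per-router accounts.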
