Router Access Modes
It is important to understand that you can put in place AAA controls for traffic passing through a router or traffic destined for the router. Traffic passing through the router is defined as a packet moving from one network to another. Traffic destined for the router is a Telnet session to the router itself. AAA environments are usually in place for two reasons: first, as a method to authenticate dial-in or remote users, and second, as a means to manage an IT team. It is common to find elaborate and complex AAA configurations that only regulate the IT staff. With AAA in place, you no longer need to give an administrator the enable password to any device. She connects to a router, the router prompts her for a username and password, and they are sent to the AAA server. Based on her profile, the administrator obtains access to the device at the appropriate system or configuration levels, and AAA logs a record of everything she does.
Based on the two uses, dialing in and managing, the router supports two modes. The two modes are packet mode and character mode. In packet mode, also known as interface mode, the data passes through the router from one network to another through ports, such as asynchronous, Basic Rate Interface (BRI), Primary Rate Interface (PRI), serial, and dialer interfaces. The format of the packet requesting AAA services dictates the type. Packet mode is expressed as
Service-Type = Framed-User and Framed-Type
In character mode or line mode, the data is destined to the router to a TTY, VTY, AUX, or CON port, most likely for configuration and maintenance reasons. The format of a packet for character mode is
Service-Type = Exec-User