1
00:00:00,870 --> 00:00:08,060
In the CCN a course we've been discussing the use of local usernames and passwords you know the words

2
00:00:08,330 --> 00:00:15,400
to use the name and password information is stored on each router or switch individually.

3
00:00:15,560 --> 00:00:23,130
So as an example when I log on to this radhe radhe one there's no with any cation.

4
00:00:23,350 --> 00:00:31,840
But what we could do is create a username on the router and then go into the link console and specify

5
00:00:31,840 --> 00:00:38,900
log in and either align logging or specify a local logging.

6
00:00:38,920 --> 00:00:45,590
So now when we log on to the router we are prompted to enter the username and the password.

7
00:00:45,700 --> 00:00:52,000
That works well when you have a small environment but as you scale it becomes a lot of work.

8
00:00:52,000 --> 00:00:56,920
So as an example when I connect to router to there's no username and password.

9
00:00:57,130 --> 00:01:07,550
So what I need to do now is create a separate username and password on route to and then I need to remember

10
00:01:07,700 --> 00:01:17,740
to go to the line console and specify a log in local and I mustn't forget to do that on the Etiwanda

11
00:01:17,780 --> 00:01:19,030
lines as well.

12
00:01:19,620 --> 00:01:28,990
So logging back in I'm now prompted for my username and password on Rodda to but once again when I connect

13
00:01:29,080 --> 00:01:34,870
to router 3 there's no use an admin password and I have to specify that again.

14
00:01:35,080 --> 00:01:44,140
Now that's not the only problem that we have to configure passwords locally on every device.

15
00:01:44,200 --> 00:01:48,540
So you've got to remember to do all that configuration.

16
00:01:48,970 --> 00:01:54,670
But what you've also got to remember to do is to change your passwords on a regular basis.

17
00:01:55,970 --> 00:02:02,010
To implement good security practices you should be changing your password on a regular basis.

18
00:02:02,030 --> 00:02:09,320
That means that we have to go to every device in the network and change the password on each device

19
00:02:09,350 --> 00:02:10,470
individually.

20
00:02:10,820 --> 00:02:13,160
In this example of only got five devices.

21
00:02:13,370 --> 00:02:20,630
But if you've got a hundred or a thousand network devices that's a lot of configuration that increases

22
00:02:20,660 --> 00:02:25,890
because you don't want the users sharing the same username and password.

23
00:02:25,940 --> 00:02:29,390
So if you've got another using your environment

24
00:02:32,300 --> 00:02:36,110
you should set up that to use count on every router.

25
00:02:36,110 --> 00:02:46,630
So as an example on broader one I can logon as Mary but I can't do that on a t.

26
00:02:48,490 --> 00:02:54,040
Because I haven't configured a username Mary on rockety.

27
00:02:54,550 --> 00:03:01,360
So the management of user names and passwords becomes very difficult when you have a local user names

28
00:03:01,360 --> 00:03:03,830
and passwords configured on every device.

29
00:03:04,980 --> 00:03:11,310
So it makes sense to centralize your usernames and passwords on a central server.

30
00:03:11,580 --> 00:03:19,890
So in this example we've got a user called Edmon that we could add Mairi or David to this database and

31
00:03:19,890 --> 00:03:28,110
then point every network device to the central Esaias server which means that we don't have to configure

32
00:03:28,470 --> 00:03:36,840
a local username and password on every device for every user that needs to access that device.

33
00:03:36,840 --> 00:03:44,630
The server can also be leveraged once again for a 2.1 X theni cation where you centralize the username

34
00:03:44,700 --> 00:03:53,220
and password a vindication of users accessing the network through a triple a server or authentication

35
00:03:53,460 --> 00:03:55,900
authorization an accounting server.