1
00:00:00,900 --> 00:00:09,210
At the moment in the Jinnah's three typology we can log in to write one with the user named David and

2
00:00:09,210 --> 00:00:10,840
password Cisco.

3
00:00:11,290 --> 00:00:16,890
The server however only has a user name of admin.

4
00:00:16,920 --> 00:00:23,400
So once we integrate our one with the US server David will no longer be able to log in.

5
00:00:23,490 --> 00:00:31,800
So let's configure our one to talk to the authentication server at the moment.

6
00:00:31,800 --> 00:00:40,050
Please note that on the console when we use the command log in we have the option log in enter or carriage

7
00:00:40,050 --> 00:00:48,830
return which means that the password on the line is used for theni cation or we can specify that to

8
00:00:48,830 --> 00:00:53,350
a local username and password database is used for any question.

9
00:00:53,400 --> 00:01:02,590
One of the first commands we're going to use with Triple A is triple A new model.

10
00:01:02,630 --> 00:01:07,270
This will enable new access control commands and functions.

11
00:01:08,320 --> 00:01:11,050
And disable old commands.

12
00:01:11,050 --> 00:01:19,610
So we've entered Triple A new model now and we go on to the console and type log in.

13
00:01:19,660 --> 00:01:22,440
Notice the options have changed.

14
00:01:22,450 --> 00:01:33,120
Previously we had log in local logging into but if we type logging into that doesn't work or logon local.

15
00:01:33,350 --> 00:01:35,610
That also doesn't work.

16
00:01:35,630 --> 00:01:42,950
So the authentication commands have changed and now we have the options a log in a theni cation and

17
00:01:42,950 --> 00:01:47,310
we can specify a word or the default option.

18
00:01:47,390 --> 00:01:49,650
I'm not going to enter that now.

19
00:01:50,090 --> 00:01:58,450
By default the authentication used is default and I'll show you where that's configured in a moment.

20
00:01:58,460 --> 00:02:05,390
So all we've done thus far is specify Triple A new model.

21
00:02:05,510 --> 00:02:09,270
We need a local user name and password as backup.

22
00:02:09,830 --> 00:02:12,360
But that was configured previously.

23
00:02:12,440 --> 00:02:14,820
So we've got to use the names and passwords here.

24
00:02:14,930 --> 00:02:17,060
David and Mary.

25
00:02:17,060 --> 00:02:19,720
So what we'll do now is specify Takacs.

26
00:02:19,880 --> 00:02:27,500
You could use radius but in this example I'm going to specify a tech hex host of 10 Daube wondered wondered

27
00:02:27,500 --> 00:02:40,110
one that is this a C S server A C A server has an IP address of 10 1 1 2 1.

28
00:02:40,260 --> 00:02:46,870
So as an example paying tended 1.1 that one the rodder can ping the server.

29
00:02:47,270 --> 00:02:52,190
We need to specify a password that's going to be used for encryption.

30
00:02:52,340 --> 00:03:02,170
So we use the common Tech X server key and then specify a password for the encryption key for the encryption.

31
00:03:02,270 --> 00:03:07,890
I'll use Cisco here and now we need to specify Triple-A options.

32
00:03:07,940 --> 00:03:13,180
We have a thin location authorization and accounting.

33
00:03:13,310 --> 00:03:20,920
I'm going to specify a syndication what are we going to a theni Kate in our example begin with and he

34
00:03:20,920 --> 00:03:27,560
kept a log in attempts to the Rodda So triple a syndication.

35
00:03:27,860 --> 00:03:31,440
You could also use triple A for sessions.

36
00:03:31,460 --> 00:03:33,890
In other words CHEP or pap.

37
00:03:34,220 --> 00:03:38,380
Or when someone uses the enable command to go to the enable mode.

38
00:03:38,700 --> 00:03:41,400
But you will simply do it for luggin.

39
00:03:41,780 --> 00:03:47,990
We can use a word or default and that's where that default option comes in.

40
00:03:47,990 --> 00:03:55,360
Default means that this theni cation method is going to be applied to all lines on the router.

41
00:03:55,370 --> 00:04:02,220
That means the console exhilarate port v.t. Why lines and TDY lines.

42
00:04:02,330 --> 00:04:07,720
We didn't apply authentication on the exit to report on this router but by using Triple-A.

43
00:04:07,790 --> 00:04:15,320
It's a lot easier to apply and authentication on every line on the device and not to miss some of the

44
00:04:15,320 --> 00:04:16,140
lines.

45
00:04:16,340 --> 00:04:18,970
So it's a lot better than doing things locally.

46
00:04:20,180 --> 00:04:24,180
We can then specify what's going to be used for syndication.

47
00:04:24,470 --> 00:04:32,350
In our example we want to specify a group which is going to be Takacs because we're using a tech X protocol

48
00:04:32,980 --> 00:04:36,930
and then as a backup authentication method we can use local.

49
00:04:37,330 --> 00:04:44,680
What that means is that if the router is able to connect to the Tech X server because the network is

50
00:04:44,680 --> 00:04:52,000
down or the server is down a local username and password database will be used as an alternate method

51
00:04:52,300 --> 00:04:54,770
for a thin equating the user.

52
00:04:54,820 --> 00:05:01,780
Now please note offene cation failures to the Tech X server doesn't mean that the local database will

53
00:05:01,780 --> 00:05:03,040
be used.

54
00:05:03,040 --> 00:05:09,470
The local database is only used if the X server is unavailable.

55
00:05:09,660 --> 00:05:14,520
So there was the configuration show run will allow us to see that.

56
00:05:14,700 --> 00:05:18,220
So we specified a new model we specified.

57
00:05:18,240 --> 00:05:25,270
Our authentication default method is going to be using Tech X and then a local database.

58
00:05:25,400 --> 00:05:30,590
These were configured previously but you would need to configure a local username and password as a

59
00:05:30,590 --> 00:05:33,070
backup.

60
00:05:33,240 --> 00:05:41,570
He has our Tech X server information and notice on the lines we no longer see log in local.

61
00:05:41,570 --> 00:05:50,770
The console is using the default which is to use Takacs And if that fails to use a local database.

62
00:05:50,930 --> 00:05:57,890
So when we try and log back into the router with a user name of David and password of Cisco it works

63
00:05:57,890 --> 00:06:02,890
at the moment because the router isn't connected to the Tech X server.

64
00:06:02,960 --> 00:06:10,130
We still have to configure the Tech X server to allow the router to communicate with the Tech X server.

65
00:06:10,340 --> 00:06:15,500
At the moment we have some other devices here but the genius 3 router isn't configured.