1
00:00:00,860 --> 00:00:08,640
On the Cisco ACS server we need to go to network configuration and add an AAA client.

2
00:00:08,700 --> 00:00:16,690
In other words, we need to add the Cisco router. We need to specify the host name of the router.

3
00:00:16,990 --> 00:00:18,410
Call it router one.

4
00:00:18,890 --> 00:00:25,990
And then we need to specify the IP address of the router, tend to add 1 to 1 to 1.

5
00:00:26,200 --> 00:00:27,520
The key that we used

6
00:00:33,990 --> 00:00:40,730
was Cisco shown over here.

7
00:00:40,850 --> 00:00:48,770
So we need to specify Cisco as the key and we are going to authenticate in the example using TACACS+ Cisco

8
00:00:48,880 --> 00:00:50,010
IOS.

9
00:00:50,090 --> 00:00:56,180
There are other options such as RADIUS, but we'll use TACACS+ in this example, and I'm going to click

10
00:00:56,390 --> 00:00:59,180
submit and apply to apply that configuration

11
00:01:02,260 --> 00:01:03,770
Once again, under users.

12
00:01:03,790 --> 00:01:08,340
We only have a user called admin.

13
00:01:08,430 --> 00:01:13,900
So now let's test whether we can log back in to one as David.

14
00:01:14,180 --> 00:01:17,170
I'll enter David and the password.

15
00:01:17,190 --> 00:01:23,910
Notice that authentication has failed. On the TACACS server, going to reports and activity.

16
00:01:24,030 --> 00:01:31,600
We can look at failed attempts and we can see here that we've got a failed attempt for David external

17
00:01:31,600 --> 00:01:42,510
database user invalid or bad password. I'll log in as Mary, username Mary, password Cisco. I'll refresh

18
00:01:42,510 --> 00:01:48,480
the login failures and notice Mary has failed.

19
00:01:48,720 --> 00:01:59,490
But if we log in as admin Cisco, the authentication passes and we are able to access the router. Show run

20
00:01:59,850 --> 00:02:00,720
pipe.

21
00:02:01,000 --> 00:02:11,300
Include user shows us that we have a user David and a user Mary with the relevant passwords, but the

22
00:02:11,330 --> 00:02:19,570
local username and password database is only used if the TACACS server is not available.

23
00:02:19,830 --> 00:02:32,730
So as an example, if I stop the TACACS service on the TACACS server and exit out of the router and then

24
00:02:32,730 --> 00:02:43,530
log in as David, I can access the router. So I can only use the local username and password database

25
00:02:43,620 --> 00:02:46,660
if the TACACS server is down.

26
00:02:46,660 --> 00:02:50,820
If however the TACACS server is up, I'll start the service again.

27
00:02:53,270 --> 00:03:03,710
If I try and log back in as David, notice authentication has failed, and once again on the TACACS server

28
00:03:04,190 --> 00:03:08,990
we can see that David failed the authentication.

29
00:03:08,990 --> 00:03:13,120
I can however log back in as admin.

30
00:03:13,240 --> 00:03:19,010
Now what's really nice about this is that you can create centralized user accounts, so I could create a

31
00:03:19,100 --> 00:03:23,030
user called user1, set the password

32
00:03:25,930 --> 00:03:27,790
and click submit.

33
00:03:27,790 --> 00:03:37,930
So when I look at the available users I now have a user called user1, and without making any configuration

34
00:03:37,930 --> 00:03:39,990
changes on the router.

35
00:03:40,390 --> 00:03:49,990
We can log in as user1, so that user doesn't exist in the local router configuration but exists

36
00:03:49,990 --> 00:03:51,900
on the TACACS server.

37
00:03:52,030 --> 00:03:59,530
If I want to, I can disable the user account, so user1 is now disabled.

38
00:03:59,950 --> 00:04:08,860
Back on the router, if we try and log in as user1, authentication has failed, and once again looking at the

39
00:04:08,860 --> 00:04:18,710
reports on the server we can see failed attempts: user1, account is disabled.

40
00:04:18,970 --> 00:04:22,660
So when they try to access this device, TTY 0.

41
00:04:22,660 --> 00:04:31,770
In other words the console, the logon has failed. If they try to access that router remotely, so they

42
00:04:31,770 --> 00:04:41,640
try to telnet to the router and log on as user1, authentication has failed, and refreshing the information

43
00:04:41,650 --> 00:04:49,390
on the TACACS server we can see that user1 has failed the authentication, account is disabled, and they

44
00:04:49,390 --> 00:04:51,620
try to access TTY 98.

45
00:04:51,670 --> 00:04:57,670
In other words, one of the VTY lines on the router. We're getting a lot of central information

46
00:04:57,940 --> 00:05:00,210
from the ACS server.

47
00:05:00,430 --> 00:05:03,070
What we can also do is enable some debugging

48
00:05:06,920 --> 00:05:13,780
So log on as admin and then we can use commands such as debug tacacs.

49
00:05:13,980 --> 00:05:21,830
And I'll just enable all of that and debug aaa.

50
00:05:21,960 --> 00:05:24,830
And in this case we'll enable authentication.

51
00:05:25,040 --> 00:05:34,060
So when the user tries to access the router we can see quite a bit of information, so AAA authentication

52
00:05:34,090 --> 00:05:39,090
login, the user's trying to log in, we're using the default method.

53
00:05:39,260 --> 00:05:41,570
Note on the VTY lines

54
00:05:44,410 --> 00:05:47,650
no authentication methods have been set.

55
00:05:47,750 --> 00:05:50,660
It's inheriting the default method.

56
00:05:50,660 --> 00:05:56,470
So default is being used. Authentication start packet created.

57
00:05:56,620 --> 00:05:58,810
We try to get a response from the user.

58
00:05:59,020 --> 00:06:02,190
In this case the user took too long so let's try that again.

59
00:06:05,790 --> 00:06:18,670
I'll put in the username of user1, so we can see now it's asking for a password.

60
00:06:18,800 --> 00:06:26,750
And notice the response failed, the server 10.1.1.1 has rejected that username.

61
00:06:26,860 --> 00:06:35,560
So let's put some spaces, then log in with the admin user. Logon succeeded.

62
00:06:35,580 --> 00:06:44,910
So in this case we received a response of pass authentication succeeded so go through the full process

63
00:06:44,910 --> 00:06:45,290
again

64
00:06:48,250 --> 00:06:53,030
Telnet to the router, default list is being used.

65
00:06:53,080 --> 00:06:59,850
We are asking for the user account, so that's admin, asking for the password

66
00:07:02,520 --> 00:07:04,890
authentication succeeded.

67
00:07:05,100 --> 00:07:08,880
So we can see what's taking place in the background here.

68
00:07:09,140 --> 00:07:11,030
AAA authentication is being used

69
00:07:16,430 --> 00:07:23,260
the router is told by the ACS server to ask the user for a username and then to ask them for their password

70
00:07:24,230 --> 00:07:30,190
and then to tell the user that they succeeded the authentication and can logon.

71
00:07:30,200 --> 00:07:35,740
So that's an example of basic AAA authentication on router one.

72
00:07:35,750 --> 00:07:37,800
Now there are two ways to set this up.

73
00:07:37,820 --> 00:07:43,130
We are using the older method at the moment because these routers don't support the new method where

74
00:07:43,130 --> 00:07:46,240
we create a group so I'll show you that in a moment.

75
00:07:46,400 --> 00:07:53,870
But before I do that I'll copy this configuration to router two to show you that we can create a central

76
00:07:54,200 --> 00:07:55,380
authentication server

77
00:07:59,290 --> 00:08:08,600
At the moment we haven't configured router two on the server, so we can still log in as David. So under

78
00:08:08,600 --> 00:08:12,360
network configuration we need to create an entry for router two.

79
00:08:12,380 --> 00:08:15,660
So router two, tend at 1 to 2 or.

80
00:08:16,160 --> 00:08:21,460
Is the IP address of the router. Show IP interface brief.

81
00:08:21,510 --> 00:08:29,420
So there's the IP address. Key used is going to be Cisco, and I'm going to click submit and apply, so that

82
00:08:29,420 --> 00:08:30,780
router is now being configured

83
00:08:33,390 --> 00:08:44,590
So try and log in as David, authentication has failed. Try and log on as admin, authentication passes.

84
00:08:44,820 --> 00:08:54,060
We've now configured two routers with centralized authentication. Under the reports, failed attempts.

85
00:08:54,210 --> 00:09:00,570
We can see that David failed the authentication attempt on the second router.

86
00:09:00,570 --> 00:09:07,800
So we are seeing information for both router 2 and router one. that's configurator sorry I'll take the

87
00:09:07,890 --> 00:09:11,130
configuration and paste it into router 3

88
00:09:14,630 --> 00:09:16,740
On router three.

89
00:09:17,130 --> 00:09:18,530
We can log in as David.

90
00:09:18,660 --> 00:09:24,960
So that works, but we can't log in as admin because we still need to configure the server

91
00:09:28,630 --> 00:09:39,690
So back on the ACS, add router 3, IP address is tendered wandered 1 to 2 3, password key is Cisco, click submit.

92
00:09:39,730 --> 00:09:47,950
The router is now configured. So previously we couldn't log in as admin, but now hopefully we should be

93
00:09:47,950 --> 00:09:51,040
able to. Let's try again.

94
00:09:52,900 --> 00:09:54,150
David failed there.

95
00:09:57,380 --> 00:10:00,670
Admin, so admin Cisco works

96
00:10:04,570 --> 00:10:07,730
David Cisco doesn't work.

97
00:10:08,580 --> 00:10:15,120
Because the router is now communicating with ACS, but admin Cisco does.

98
00:10:15,120 --> 00:10:22,130
So we've now got three routers configured to communicate with an ACS server.

99
00:10:22,260 --> 00:10:29,470
These routers are using an older version of IOS, they're using version 12 to 4.

100
00:10:29,720 --> 00:10:36,920
And that version doesn't support TACACS server groups, which is the new way of doing things and is what

101
00:10:36,920 --> 00:10:38,310
you need to know for the exam.
