1
00:00:01,220 --> 00:00:07,940
Now the main difference between the old way of doing it and the new way is that we can create groups

2
00:00:08,140 --> 00:00:14,180
so you use the command tacacs server and you give your server a name, you specify the IP address and

3
00:00:14,180 --> 00:00:17,310
key of the TACACS server.

4
00:00:17,330 --> 00:00:19,870
Previously you typed those two commands.

5
00:00:20,060 --> 00:00:23,630
But now you configure the configuration as follows.

6
00:00:23,630 --> 00:00:28,550
You also create groups which you can use to provide to different services.

7
00:00:28,670 --> 00:00:31,120
So you type aaa group server,

8
00:00:31,310 --> 00:00:40,650
in this case TACACS, and create a group which then maps back to the server previously created.

9
00:00:40,900 --> 00:00:49,270
And now when you specify your login you point to this group here rather than pointing simply to

10
00:00:49,270 --> 00:00:56,800
TACACS. This gives you more flexibility than what you had previously. This router is running IOS.

11
00:00:56,910 --> 00:01:00,690
The version 15.6 of IOS.

12
00:01:00,780 --> 00:01:09,380
So it's a lot newer version than the other routers. Notice 15.6 too.

13
00:01:09,930 --> 00:01:16,660
So I'll configure this router using the new method, which is the method that you need to know for the

14
00:01:16,850 --> 00:01:23,320
CCNA exam. Conf t, aaa new-model.

15
00:01:23,320 --> 00:01:32,090
Now before I enter that at the moment please note that there is no authentication to log in but what

16
00:01:32,090 --> 00:01:37,390
I'll do now is enable aaa new-model, specify a backup

17
00:01:37,390 --> 00:01:44,040
username of David with a password of Cisco.

18
00:01:44,050 --> 00:01:45,430
Note once again that

19
00:01:48,250 --> 00:01:56,140
the console has no authentication configured on it, and neither do the other lines such as the aux and

20
00:01:56,140 --> 00:02:05,830
VTY lines. tacacs, and the difference now is we have space server, and now we can specify a name.

21
00:02:05,860 --> 00:02:08,480
So ACS, or whatever name you want.

22
00:02:08,980 --> 00:02:17,060
This gives us different options, but as an example we can specify the IP version 4 address of the

23
00:02:17,060 --> 00:02:22,540
server and the key that's going to be used.

24
00:02:22,550 --> 00:02:31,010
So we've specified the address of the server and the key for the encryption to the server. Type exit.

25
00:02:31,320 --> 00:02:39,690
And now we can use the command aaa group server. In our example it's going to be TACACS, and we've

26
00:02:39,690 --> 00:02:48,120
just given a name of a group. Various options are available, but now we can specify a server and the name

27
00:02:48,120 --> 00:02:51,030
of the server which we created previously.

28
00:02:51,030 --> 00:02:55,330
So this is referring back to the server that we created.

29
00:02:55,380 --> 00:03:01,210
So these commands are subcommands, as follows. Type exit.

30
00:03:01,510 --> 00:03:09,420
And now we can type aaa authentication login. We're going to use a default list to apply it to all

31
00:03:09,420 --> 00:03:10,890
the lines.

32
00:03:10,890 --> 00:03:17,070
And now we're going to specify group, which in our case is going to be ACS group, and then we'll use

33
00:03:17,070 --> 00:03:27,110
local as a backup mechanism.

34
00:03:27,120 --> 00:03:32,570
Now the IP address on gigabit 0/0 is 10.1.1.204.

35
00:03:32,600 --> 00:03:43,340
So back in ACS we need to specify router 4, 10.1.1.204. Click submit and apply. Router is

36
00:03:43,340 --> 00:03:44,600
now being added.

37
00:03:44,600 --> 00:03:54,880
So now on the console of the router, notice we are prompted for username. Specify admin, specify password of

38
00:03:54,920 --> 00:03:55,400
Cisco

39
00:03:58,060 --> 00:03:59,350
try that again.

40
00:03:59,560 --> 00:04:01,330
Admin, Cisco

41
00:04:04,630 --> 00:04:07,950
tried the local username and password that works.

42
00:04:08,020 --> 00:04:09,070
There's a problem

43
00:04:11,730 --> 00:04:14,770
between the browser and the server.

44
00:04:15,190 --> 00:04:18,190
And we'll just confirm our configuration.

45
00:04:18,250 --> 00:04:24,820
So we've created a group called ACS group, which is the same over here. That's failing at the moment

46
00:04:24,920 --> 00:04:28,440
and we're getting a local authentication.

47
00:04:28,670 --> 00:04:30,770
The server that we're pointing to is ACS

48
00:04:35,460 --> 00:04:37,070
which we can see over here.

49
00:04:37,180 --> 00:04:42,540
Password is Cisco for the communication to the same server.

50
00:04:42,600 --> 00:04:46,290
Let's confirm that we did that right on the ACS server.

51
00:04:46,320 --> 00:04:51,250
Notice I forgot to put a key in. Specify key of Cisco.

52
00:04:51,510 --> 00:04:58,730
Click submit and apply, and now we'll try again. So the username is admin.

53
00:04:58,920 --> 00:05:02,260
Password of Cisco. We are straight in.

54
00:05:02,340 --> 00:05:03,570
So that works.

55
00:05:04,180 --> 00:05:13,030
If we try David in other words the local username and password that should fail and it does because

56
00:05:13,150 --> 00:05:24,910
that user is once again not configured in ACS. So on reports, failed attempts, we can see that David's

57
00:05:25,000 --> 00:05:26,390
authentication failed.

58
00:05:27,190 --> 00:05:31,480
For this router 10.1.1.204.

59
00:05:31,530 --> 00:05:42,970
So let's copy this configuration and I'll configure this IOSv layer 2 switch with that configuration.

60
00:05:42,970 --> 00:05:49,560
At the moment the switch has no configuration, so I'll create an IP address 10.1.1.

61
00:05:49,730 --> 00:05:50,680
205

62
00:05:53,660 --> 00:05:55,250
on the switch.

63
00:05:55,490 --> 00:06:02,760
Can it ping the ACS server? Yes it can.

64
00:06:03,130 --> 00:06:08,840
So now we can paste that ACS configuration into the switch and there you go.

65
00:06:09,960 --> 00:06:18,050
Back on the ACS server we need to add our switch, so switch 1, 10.1.1.205,

66
00:06:19,010 --> 00:06:22,370
password of Cisco. Submit that.

67
00:06:22,470 --> 00:06:23,500
So there we go.

68
00:06:25,010 --> 00:06:33,860
So now when we exit out of the switch and log back in we are prompted for a username and password and

69
00:06:33,920 --> 00:06:45,320
admin, Cisco succeeds, whereas a user of David and Cisco fails because that username is not configured

70
00:06:45,530 --> 00:06:46,920
on the server.

71
00:06:47,180 --> 00:06:51,210
So once again admin, Cisco succeeds.

72
00:06:51,320 --> 00:06:58,220
So this is the advantage: we've got one, two, three, four, five devices using a centralized ACS server.

73
00:06:58,220 --> 00:07:03,370
If someone else joined the company we could create another user account.

74
00:07:04,220 --> 00:07:07,680
Such as Peter, and click add,

75
00:07:10,660 --> 00:07:16,480
specify Peter's password, click submit.

76
00:07:16,510 --> 00:07:22,800
So we now have admin, Peter and user one configured on the switch.

77
00:07:22,800 --> 00:07:25,020
Notice there is no username

78
00:07:29,290 --> 00:07:34,590
called Peter, there's only a user called David.

79
00:07:34,780 --> 00:07:44,830
But if we log in with a new user of Peter, they can log in, and we can do that on any of the devices.

80
00:07:44,880 --> 00:07:50,900
So as an example, on router 3 we can log in without a problem.

81
00:07:51,030 --> 00:08:01,940
We could even telnet to, say, router 2 and log in as Peter. By configuring ACS

82
00:08:02,060 --> 00:08:06,970
We don't have to configure multiple databases of usernames and passwords.

83
00:08:07,160 --> 00:08:15,040
We don't have to configure the VTY, aux and console ports on every individual device.

84
00:08:15,040 --> 00:08:23,100
The authentication of all those ports will be handled through AAA and will leverage a central database.

85
00:08:23,390 --> 00:08:31,910
In my example I'm using a Cisco ACS server that's integrated through GNS3 and is providing the authentication

86
00:08:31,910 --> 00:08:37,100
for all of these devices centrally using a local database.

87
00:08:37,100 --> 00:08:45,260
But ACS could point to an Active Directory database and use the usernames and passwords stored in Windows

88
00:08:45,650 --> 00:08:51,680
for authentication to network devices. As soon as you have many devices in your network,

89
00:08:51,680 --> 00:09:01,170
It makes sense to use a RADIUS or TACACS server such as Cisco ACS for your centralized authentication,

90
00:09:02,310 --> 00:09:04,610
authorization and accounting.

91
00:09:04,710 --> 00:09:12,000
In this example I was demonstrating TACACS, but you could also use RADIUS as the protocol between the

92
00:09:12,000 --> 00:09:14,820
router or switch and a server.
