External authentication using AAA - Video By Sikandar Shaik || Dual CCIE (RS/SP) # 35012

Video Statistics and Information

Captions
[Music] Now, in this video we'll talk about the external-based authentication method using AAA: how we can have some external authentication method, what the major advantages are, and what the different protocols are which we are going to use to make this possible.

Now, before we go with external-based authentication methods, let's try to understand some of the major drawbacks of local-based authentication. In the case of local-based authentication, like here, I have got router 1 connecting to a switch; let's say I have got switch 2 as well, and then switch 3 as well. Now, if you want any specific engineer to access any specific device, then there must be a local username and password created on each and every device. But this is something not possible in big networks where you have some twenty twelve devices; going to each and every device and creating the username and the password for each and every employee or engineer who will be accessing the devices remotely is something not possible. So there is no centralized control, and the administrative task is going to be increased here, so it's really not scalable for big networks.

Now, to overcome this, what we are going to do is this: we are not going to store the username and the password on the local machine. Let's say I have got a router or firewall, whatever it is; let's assume that it's a router. Now we are going to maintain one external authentication server, which we call the AAA server. ACS is actually software which is going to run on that computer. So if any user is going to try to log in to any specific device (it can be a login via the console line, or it can be on the VTY lines, or it can be on straight line; you can even use it for PPP also, we can do that), if any user tries to log in to any device or provide I can I want to exchange the device, in this scenario we are going to discuss only login authentication. Now the device is going to send the request back to the external server. This will be referred to as a client; devices like routers, switches and firewalls will be referred to as clients, AAA clients, whereas the server is going to be the AAA server; it's going to be like a server.

Now what we are going to do is create all the usernames and passwords; all this information, the database, is maintained by this server, not by individual devices. If any user tries to log in to this device, it is going to send that authentication method to the server, and the server is going to validate your authentication. If it is correct, it is going to tell the device to accept the connection; if it is not correct, it is going to tell it not to accept the connection. Here we are not going to store the username and the password on each and every individual device; instead they are stored on the external server. This can be done by using some similar kind of implementations; we'll talk about that in more detail.

Now, one of the major advantages of using the external-based authentication method is that your usernames and passwords are stored on the local server, not on the local machine. OK, so every time any user tries to log in, they will be authenticated by the external server, and it allows you to have a centralized authentication method where all the usernames and passwords can be stored on one single server, a centralized server. It minimizes the administrative tasks, and it's fairly scalable for big networks.

Now this can be done by using something called AAA. AAA stands for authentication, authorization and accounting; it is an acronym for authentication, authorization and accounting. Authentication: when any user logs in, it is going to provide authentication, authenticating the user, whether it is a valid user or not. If it is a valid user, then he will be provided access based on the username and password. Once he logs in, authorization is a method whereby the server is going to verify whether this particular user is authorized; it simply says what he can do and what he cannot do. As a basic example, we can define that when a user logs in, he has read-only permissions but cannot make any changes, something like that. That's what we call authorization: what operations the user can perform, whether he can change the passwords or cannot change the passwords, whether he can change IPs, things like that. Those are the authentication implementations.

After that, accounting is something maintained by the device. Accounting is keeping track of each and everything that happened: if a user tries to log in to the device via a VTY line, it will tell you from which line he accessed it, VTY line or console line, at what time, for how much duration he was online on that particular device, and what changes he made, like what commands he issued. All that information will be maintained by these servers. It's going to provide three different options: authentication, authenticating the user as a valid user or an invalid user; authorization, authorizing what the user can do and cannot do; and then keeping track of all the events, all the things, whatever he did, which is what we call accounting.

OK, so we can do this kind of thing by using external servers, and there are two major protocols which are used here, RADIUS and TACACS, which are client-server AAA protocols. Whenever a user tries to log in to any device, either as element or a VTY line, this router will be referred to as a AAA client, and the server computers might be running some application like Cisco Secure ACS Express or Cisco Secure ACS for Windows Server. These are the different kinds of applications which will allow you to maintain that AAA database. The device is going to send a request to the external server, and the external server is going to verify the username and the password and inform the device, that is, your client, and based on that the user will be allowed to log in.

Now, the major advantage we get here is centralized administration: centralized authentication, centralized authorization and accounting; all this is maintained by this external server. There are two major protocols which will help us to do this, TACACS and RADIUS. RADIUS is a standard protocol, whereas TACACS is a Cisco proprietary one. TACACS stands for Terminal Access Controller Access Control System, whereas RADIUS stands for Remote Authentication Dial-In User Service. These work almost the same, but TACACS is somewhat more secure than RADIUS. Depending upon the requirement, we can use any one of these external authentication methods. In this section we are not getting into how to configure this package; this kind of thing is something beyond the scope of this course. But we are going to assume that we have a server which will be providing some username and password, and we are going to verify that in our lab in the next section. [Music]
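The login exchange described in the captions, written out as a RADIUS Access-Request and reply per RFC 2865. This is an added example, not material from the video or from Cisco; the shared secret, the user database and the function names are constructed for illustration, and both sides run in one process instead of over UDP. It shows that RADIUS hides only the User-Password attribute while the username travels in the clear.

```python
import hashlib, hmac, os, struct

SECRET = b"lab-shared-secret"            # assumed secret shared by AAA client and server
USERS = {"engineer1": b"S3cure!pass"}    # constructed central user database on the server
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RADIUS attribute types

def hide_password(data: bytes, authenticator: bytes, reveal: bool = False) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    if not reveal:
        data += b"\x00" * (-len(data) % 16)          # pad cleartext to a 16-byte multiple
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(SECRET + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += block
        prev = data[i:i + 16] if reveal else block   # always chain on the ciphertext
    return out.rstrip(b"\x00") if reveal else out

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident: int, user: str, password: str) -> bytes:
    """AAA client (router, switch, firewall): wrap what was typed at the login prompt."""
    auth = os.urandom(16)                            # Request Authenticator
    attrs = attr(USER_NAME, user.encode()) + attr(USER_PASSWORD, hide_password(password.encode(), auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_reply(request: bytes) -> bytes:
    """AAA server: check the central database; reply is signed MD5(header + request auth + secret)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    auth, pos, fields = request[4:20], 20, {}
    while pos + 2 <= min(length, len(request)):
        kind, alen = request[pos], request[pos + 1]
        if alen < 2:                                 # malformed attribute, stop parsing
            break
        fields[kind] = request[pos + 2:pos + alen]
        pos += alen
    user = fields.get(USER_NAME, b"").decode(errors="replace")
    password = hide_password(fields.get(USER_PASSWORD, b""), auth, reveal=True)
    ok = code == ACCESS_REQUEST and user in USERS and hmac.compare_digest(USERS[user], password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + auth + SECRET).digest()

def login(user: str, password: str) -> bool:
    """AAA client: verify the reply came from the real server, then allow or refuse the session."""
    request = build_access_request(7, user, password)
    reply = server_reply(request)
    expected = hashlib.md5(reply[:4] + request[4:20] + SECRET).digest()
    return hmac.compare_digest(reply[4:20], expected) and reply[0] == ACCESS_ACCEPT
```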
Info
Channel: Sikandar Shaik
Views: 25,120
Keywords: ccna, noa, ccna videos, ccnp, noa videos, cisco, ccie, subnetting, ccna security, bgp, ospf, firewall, ccna subnetting, ipv6, bgp videos, stp, ccna vdieos, ccna free video, ccie certification, ios, iou, virtual, eigrp, cisco virtual lab, iosv, asav, gns3, routing, noa vdieos, noa solutions, zone based firewall, zone pair, zbf, flsm, cisco firewall, cisco security, cisco certifications, wan, ip addressing, netmetric, vlsm, eigrp configuration, vlan, ccna, noa, ccna videos, ccnp, noa videos, cisco
Id: lJR5BBo9EG8
Length: 7min 52sec (472 seconds)
Published: Mon Jan 23 2017