Hello and welcome to I C and D one interconnecting Cisco networking devices. Part one This is episode 23 to securing switch. See Ally with usernames and passwords. I am Trend Arrow would be a structure for this course.
The last video went over the lesson 2.3 overview. It's a pre assessment questions. In this episode, we're gonna be covering the setting the line Passwords for the Consul port. Tell men S S H. We will set up a local user name and password database for logging in.
And lastly, we will touch upon why we use external authentication servers.
So are learning objectives for this. We're gonna set the line passwords for the telling. That s his H and Consul ports.
We're gonna create a local database of user names and passwords for logging in, and we're gonna duck a brief bit about the external authentication servers or triple A servers.
So a quick pre assessment here, what is the difference between the enable password
and the enables? Secret commands give you shoes seconds to positivity on trying to figure it out.
All right. Hopefully you remember this from our previous lessons here.
enable. The Secret Command is MD five hashed. The password is clear. Text in the running of Vic.
All right, so setting the live passwords here are the commands you're gonna want to know to get into him here.
So I'm gonna go ahead and bring up my party session.
Get that going. And as you can see, we're gonna go ahead and counsel port into it right now.
So we get this going. Certainly enter bringing soap, Okay? We're into user mode. We're gonna enable
All right, So we're going to figure terminal
And we're just gonna do so if we leave from here. There's quite a bit we can still d'oh!
If you look here, we're going to set a basic password. Something cute.
where is gonna set it for Cyber Eri?
And again if we do a showrunner
Oh, I see. What do you
you see, the password is in clear text here,
and it's the same thing. If we go into the
you want to set the SS h password like that,
and zero space 15 cause that'll include all
15 lines for the virtual terminals.
and we'll just do cyberia again.
so those are just sitting that line passwords.
So go ahead, give her the party procession.
Summer was just to get into it. You knew Could figure terminal. And then you do the line counsel zero to get in the council connections and in the line V t Y 0 15
Let me actually show you I'm gonna disconnect out of my party session to exit.
So it just connected, and I want to go back into it.
All right, so we need to set the
log in style as well. So I'm going to line it can
And same thing if we do the line of E. T Y 0 15
who's set log in as well and
All right, so now it's recording a password. Someone taken cyber, bury it, enter
and we're now in. It'll be the same thing when we set up. Sshh. Right now it is set for
They're for telling that. Excuse me,
so give it to the party session.
All right, so now we're gonna set up a local use named database. This is what you actually need to set up for
for S S H. And it's a better system. You'll see why here in a minute.
This will not replace the enable password they had to set. You can't set.
Um, it's still your password that you set on the VT y lines of the council.
So if you go to line our excuse me t
this one of two set this will do log in local, which says to use the local using database
And if we do a show run here,
you'll see that there is currently no use news of passwords.
And right now So what we do is go to configure terminal.
We'll do use your name
And remember, the difference in secret and password is secret. Is MD five hashed and passport is clear. Text
snow If we run a show run,
we will see the user name and you know
So now it's asking for a user name When we go in since we set that log in local sitting Well, do Trent
All right, So why we would might use the Jews named Password database. So I'm just gonna go in and change
an interface here. Police phaser. One
description left up.
so right here is why would use it? Could've figured by trends.
So it gives you a little bit accountability of who has changed your switch configuration.
It's a little bit about the extent with the authentication and authorization servers. So they're also called Tripoli servers, which is authentication, authorization and accounting. Authentication says, you know, is this who you are? You know, you're you're trying to be trackless aired. You're trying to be someone. So this says are you know, do you have the credentials
to be this person? Authorization is
what are you allowed to do on this server? What do you want to do on a switch? Accounting is Think of it as locking, right. It logs what you do in that switch.
Why might we use the external Tripoli servers?
So you think about an enterprise with maybe 100 switches? Let's say you are on boarding a new I t. Person and
you don't want to go around to every single switch and, you know, use your name,
user one pattern, you know, secret password one.
You don't do it every single server and said you can set all of them to talk to this external triple A server.
And then you can just add that one person in the server or if someone leaves, you don't have to remove them from every single switch and router. You can just remove them from the Triple A server
s o, the two triple A service. And, you know, for this exam is the radius, which is a remote authentication dialling user service.
it's a little older. The Tech X plus is the terminal access controller access control service. Plus,
thankfully, we use acronyms because terrible to say
so, take explosives. Really nice, because you can actually set what commands you can like. Each person can use anything, so you know you don't want your help that's going in and changing all your routes are changing. You know, switch virtual interfaces or changing the lands.
You can only if you want to. You can set to help this group's just you show command. So that way they can try and trouble Su stuff where they can't actually gonna figure stuff.
It's kind of nice in that aspect is you can set exactly what each person d'oh!
So we're going to the post assessment here, and both the user name and password is set on a switch and a line password is set.
Wish will switch use.
All right, hope you figure this out. Remember,
it depends on if the log in local or log in is set on the like configuration. Remember, when it's set to just log in,
it's just gonna ask for that password, right? It's just gonna want that log in password for that line. What if he's logging local than it's going to use that user name and password database that set on the switch?
It's usually good to go back and clean nose out out of your running confessed that way. If someone does get access, they can't look into running configured, try and guess what the pastor's might be.
So, in the next episode, we're gonna set up Sshh, we're gonna come configure that remote interface from management.
And, as always, if you guys have questions or need some help, feel free to shoot me a message. All right. Thank you for watching this episode and look forward to senior next one.