Transcript for:
Guide to AAA Local Authentication Setup

In this video we are going to discuss how to configure AAA local authentication. We will discuss only the commands, and we will do the practice, demonstrating in Packet Tracer, in some other video. So we will discuss only the commands which are used to configure AAA local authentication, and on the next slide we discuss server-based AAA authentication.

It is recommended that when we are going to configure AAA authentication on a device, first of all we should consider adding at least one name in our local database. If this is a local database, of course everything is stored there, but if this is server based, then we should still have at least one piece of information about some specific user, an administrative user, so that if the server machine fails (for example, this is the server, and it fails) then at least we have some name in our local database by which we are able to access this device. So as a backup plan, what we do is use at least one username and password in the local database of the router. As an example we have taken a router here, and I have created one username. This is the username and this is the password. We created one username; you can use more encryption techniques to make this more secure, but in the simple sense this is the username and password which has been created in the local database of the router. That is the first command.

Then we need to enable AAA authentication on the router, and to enable that we have a command, aaa new-model. With this simple command we are going to enable AAA authentication on the router.

Once AAA authentication has been enabled, we need to configure the default authentication list. In this case you can see this is aaa authentication login default local. The first part of this command, from here up to login, indicates that this login command is used to allow users to access the router via the console or VTY terminals. For example, this is the router, and a user can access the IOS of this router using the console, or they can access it through a VTY line; so this part of the command is used to indicate that. Then comes the word default. The default keyword actually indicates that the authentication method applies to all the lines; those lines may again be the console or the VTY lines, so it works for all of them. The authentication methods which will be used by this command are located here, after default. After that we will have some information about where to look for the data of the users who want to access the router. For example, this user wants to access this router; now the router has to check the database of the users. It means the router should have the record of username and password, so it will have to look into some database, and at this time this data is available on the local machine, so we use the term local here.

Now here is an interesting point. This is actually related to the server-based setup, which we will be discussing later on the next slide, but you see here, instead of local, this simple word, we can have a list. What can we have? We can have a complete list: as you can see we have the TACACS+ server, we have the RADIUS server, and then we also have the local database. In this case we are using a list, and in this list we can have different methods. For example, in this case we have mentioned that if this user wants to access the router, the router needs to check first with the TACACS+ server. A TACACS+ server will be there, the router has to go there, and if this fails, then the router has to go to the RADIUS server; we will have another server here, the RADIUS server. And if this fails, then finally the router has to check the local database. So in this way the router has to check all these databases priority-wise: if one is not available, go to the next; if the second is not available, go to the third one; and if the third one is not available, of course then we will not have any username to access the router's IOS. In this case, the first method is known as the primary method and the second method is known as the backup method, as well as the fallback method. So the first method is primary and this one is the backup method; it's good to have. This is something about when we are using server-based authentication, which we will discuss there, but at the moment we should be happy with this local one, because we are using local.

So with this command we actually configured an authentication list: we enabled AAA authentication, and then we configured a list saying where the database of the users is saved and accessed for authentication. Then we need to apply this list to a particular port or interface, or to the VTY lines. So what do we do now? In this case we have a router, and we have different ports, like the console port, and we have the VTY lines, which are actually virtual lines. Now we need to apply this list to that particular console port or virtual terminal line. For example, in this case we are going to apply this list, which is named default. Here I want to mention that we can actually specify the name of that particular list: for example, I could name it CLASS, or maybe ACADEMICS; you can give it any name, and that name will be used here to apply that particular list. In this case, for example, we apply it to the virtual terminal lines. We use a command saying go to the virtual lines, line vty 0 4, so we are in the virtual lines, and then we say login authentication default. So now we are using the list which we created here at this particular terminal line. This name should match: if you are using some other name, then that name should come here.

In the same way we can also apply this to the console line. And yes, we can give one additional command here, transport input ssh; it means only secure shell communication will be allowed through this one. This can also be applied to the console line, and for that we need to go to line console 0 and then login authentication default. So default is the list from where this will check the database of the users.

Now server-based authentication. We discussed local; now server-based authentication. In this case of course we need a server, because a server is needed here. Before, when the user wanted to access the IOS, the router was checking it locally, but now we have a dedicated machine, the AAA server; the router will send a request to the AAA server, and the server will check the database. So this time we need a server. The first command is to enable AAA authentication, the same as we did in local authentication. Then there is the second command we need to have on our routers: we have to give information on this router, because you see this router has to ask this server machine to check the credentials of these users. It means now this router should be informed that you need to go to this server, the AAA server. So we go to global configuration mode on this router and we say this is the TACACS+ server's IP address which we will be using. This is the IP address of the server, so we are asking the router to go to this particular server, and for exchange, for communication between them, we have defined one key. That key is newbie123. This shared key will be used; for example, if I am going to clear it, you will have a key here, newbie123, and by using this key they will exchange this information, so this will be secure. So we gave the key as well, which we have already configured on this server, and the matching key is used at this router as well.

And the third command, which we discussed before as well: we just say aaa authentication login, and then we define a list, and in this list this time we are using a group; we are using group tacacs+ and local. So according to this command, first this router has to go and check with the TACACS+ server, and then it has to check local: if this fails, then it has to go to the next option. So this is the third command, the set of commands to configure authentication methods, and then we are done. This is the primary method and the second one is the backup method.

Then finally we need to go to that particular VTY line and apply this list there. So what we do, with the first command, line vty 0 4, we go to those particular VTY lines, and the next command says please use this list which we have defined in this command, use this list for authentication; this is done by login authentication default. And then yes, transport input ssh; this command is actually saying please allow only SSH communication through this channel, or through this VTY line. If you want to use the same list for the console, then again we need to go to line console 0, and then we use this command, login authentication default. So default means the list which is defined here. This is the simple way to enable AAA authentication, then give information about the server which the router will be using, then create or configure the authentication list, and once we have created that list, we go and apply it to the particular VTY lines or console ports.

With this bit of understanding, I will demonstrate the idea in Packet Tracer. Thank you very much for your time.
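As an added example, not taken from the lecture's slides, here is the IOS configuration the talk walks through written out end to end: the local-only default list first, then the TACACS+ list with local fallback, and the lines the lists are applied to. The username, password, server address (RFC 5737 documentation range) and shared key are placeholders, not the lecture's values.

```cisco
! ---- Part 1: local AAA authentication ----
! Backup administrative account in the local database. "secret" stores a
! hash rather than a plaintext password (placeholder credentials).
username ADMIN-PLACEHOLDER secret STRONG-PASSWORD-PLACEHOLDER
!
! Turn on the AAA subsystem; the "aaa authentication" commands below are
! rejected until this is present.
aaa new-model
!
! Default login method list: any console or VTY line that does not name
! its own list is authenticated against the local username database.
aaa authentication login default local
!
! ---- Part 2: server-based authentication with local fallback ----
! Tell the router where the TACACS+ server is and the shared key that
! protects the exchange. The key must match the one configured on the
! server (placeholder address and key).
tacacs-server host 192.0.2.10 key SHARED-KEY-PLACEHOLDER
!
! Method list: TACACS+ is the primary method, the local database is the
! backup. IOS moves on to "local" only when the server group returns an
! error (unreachable, no response); a credential rejected by the server
! is a failed login and is not retried locally. Replacing "group tacacs+"
! with "group radius" gives the RADIUS variant mentioned in the talk.
aaa authentication login default group tacacs+ local
!
! A named list behaves the same way and is applied with its name in
! "login authentication <name>" on the line.
aaa authentication login ACADEMICS group tacacs+ local
!
! ---- Apply the lists to the access lines ----
line vty 0 4
 login authentication default
! Permit only SSH on the virtual lines (no Telnet).
 transport input ssh
!
line console 0
 login authentication default
```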