1
00:00:14,570 --> 00:00:20,750
So let's run a simulation in Packet Tracer. I'll go to simulation mode; here's the console of router

2
00:00:20,750 --> 00:00:25,190
1, and I'll log in with my username David, password

3
00:00:25,190 --> 00:00:33,380
Cisco. Notice I'm logging into the console of the router, but a TCP packet is generated and is sent

4
00:00:33,800 --> 00:00:35,300
to the server.

5
00:00:36,800 --> 00:00:45,800
Inbound PDU received by the server has a source of the router, destination is the AAA server, port number is

6
00:00:45,800 --> 00:00:46,450
49.

7
00:00:47,030 --> 00:00:49,310
So this is a TACACS TCP packet.

8
00:00:50,830 --> 00:00:51,850
Packet goes back.

9
00:00:53,860 --> 00:00:56,020
A TACACS packet is now sent

10
00:00:57,170 --> 00:01:05,900
to the TACACS server. If I click on that, notice the inbound PDU shows us that the source of the

11
00:01:05,900 --> 00:01:07,670
packet is the router.

12
00:01:09,140 --> 00:01:17,900
Destination is the TACACS server. Scrolling down in the TCP header, we can see that the destination

13
00:01:17,900 --> 00:01:19,100
is port 49.

14
00:01:20,840 --> 00:01:30,590
This is a TACACS packet. Notice the data is encrypted; TACACS encrypts the data between the router and the

15
00:01:30,590 --> 00:01:37,010
server, but there we can see clearly that it's a TACACS packet going to the TACACS server.

16
00:01:39,740 --> 00:01:47,680
The AAA server is sending back a TACACS packet to the router, so the source is the TACACS server or AAA

17
00:01:47,720 --> 00:01:49,940
server, destination is the router.

18
00:01:50,540 --> 00:01:57,670
We can see the TCP source port is 49, going to the ephemeral or random port number on the router.

19
00:01:58,340 --> 00:02:00,020
We can see it's a TACACS packet.

20
00:02:01,200 --> 00:02:09,180
So the packet gets sent back to the router. That process will continue until authentication has been

21
00:02:09,180 --> 00:02:09,860
completed.

22
00:02:11,760 --> 00:02:13,680
Notice here we are seeing spanning tree messages.

23
00:02:15,590 --> 00:02:19,670
But at this point I have now logged into the router. If I type enable,

24
00:02:21,600 --> 00:02:24,990
more TCP and TACACS packets are now generated.

25
00:02:27,800 --> 00:02:31,670
Some of the messages have been generated by the switch; I'll go through those quickly.

26
00:02:33,040 --> 00:02:34,690
I'll restart the simulation.

27
00:02:35,780 --> 00:02:41,390
So I'll try that again: enable. Notice, as soon as I typed enable,

28
00:02:42,500 --> 00:02:44,210
TACACS packets are generated.

29
00:02:45,990 --> 00:02:48,870
Username is going to be David, password is going to be Cisco.

30
00:02:49,910 --> 00:02:51,200
As soon as I enter that,

31
00:02:52,570 --> 00:02:55,000
notice we can see TACACS packets being sent

32
00:02:56,150 --> 00:02:56,990
between

33
00:02:59,060 --> 00:03:08,180
the router and the TACACS server. So again, inbound PDU on the switch: source IP address is the router,

34
00:03:08,180 --> 00:03:09,920
destination is the server.

35
00:03:11,180 --> 00:03:14,590
TCP port is port 49, TACACS.

36
00:03:14,600 --> 00:03:16,850
Protocol data is encrypted,

37
00:03:18,570 --> 00:03:26,940
and that will continue until authentication has completed, and notice I can get into enable mode on the

38
00:03:26,940 --> 00:03:27,400
router.

39
00:03:28,230 --> 00:03:31,410
So that was simulation mode with TACACS.

40
00:03:31,420 --> 00:03:32,790
Let's have a look at RADIUS.

41
00:03:34,000 --> 00:03:42,160
So I'll go back to simulation mode on router 2, connect to the console and log in as Peter Pan. Notice

42
00:03:42,160 --> 00:03:43,720
a RADIUS packet has been generated.

43
00:03:46,300 --> 00:03:52,510
Inbound PDU on the switch: source IP address is router 2, destination IP address

44
00:03:54,520 --> 00:04:03,610
is the server. Notice this is using UDP, destination port is 16454, so it's not TCP, it's UDP.

45
00:04:04,540 --> 00:04:12,070
RADIUS uses UDP, not TCP. Notice the destination port is 1645.

46
00:04:12,220 --> 00:04:13,210
That is the default.

47
00:04:14,320 --> 00:04:17,560
So we can see RADIUS packets being generated between

48
00:04:19,190 --> 00:04:26,120
the router and the server, and notice I've logged in. Type enable,

49
00:04:27,910 --> 00:04:28,930
Capture Forward.

50
00:04:29,900 --> 00:04:31,400
We've got RADIUS packets

51
00:04:33,300 --> 00:04:34,530
being generated again.

52
00:04:41,370 --> 00:04:42,840
Put my username and password in.

53
00:04:44,590 --> 00:04:46,450
RADIUS packets are being generated,

54
00:04:50,300 --> 00:04:55,940
and notice I've logged in. So again, show run | include AAA.

55
00:04:57,290 --> 00:05:04,850
Include radius. Notice the authentication port used by default in RADIUS is 1645.

56
00:05:05,390 --> 00:05:15,320
So that's why, when I type exit and log back in with my username and password, the destination port number

57
00:05:15,350 --> 00:05:20,180
used in the packet is 1645.

58
00:05:22,130 --> 00:05:23,780
This is a UDP packet.

59
00:05:29,230 --> 00:05:30,910
So let's have a look at this packet.

60
00:05:30,970 --> 00:05:37,270
This was the reply from the AAA server; data is shown in clear text.

61
00:05:37,270 --> 00:05:38,230
It's not encrypted.

62
00:05:39,150 --> 00:05:45,690
Source and destination port number: this is a reply from the server to the router.

63
00:05:46,830 --> 00:05:55,020
So there you go, we've proven that when you log in to a device, we can see the TACACS and RADIUS messages

64
00:05:55,020 --> 00:06:00,420
between the devices and the RADIUS and TACACS of AAA.

65
00:06:01,410 --> 00:06:03,240
So how did you do in this lab?

66
00:06:03,420 --> 00:06:05,370
Were you able to complete the lab?

67
00:06:05,970 --> 00:06:07,140
Did you get it working?

68
00:06:07,500 --> 00:06:10,770
Do you understand the differences between RADIUS and TACACS?

69
00:06:11,280 --> 00:06:17,190
Make sure that you understand the theory of both RADIUS and TACACS, but I'm hoping that this lab has

70
00:06:17,190 --> 00:06:22,380
helped you understand the concepts and implementation of both TACACS and RADIUS.