1 00:00:14,360 --> 00:00:19,850 So we've created another user on the server and we verified that to the user can log in. 2 00:00:20,570 --> 00:00:26,370 We need to verify now that the local backup user cannot log in when the server is reachable. 3 00:00:27,170 --> 00:00:35,960 So when router 1 pings to the switch as an example, we can't log in using the backup user, but we 4 00:00:35,960 --> 00:00:39,620 can log in using AAA user accounts. 5 00:00:40,370 --> 00:00:42,380 So that works but 6 00:00:42,380 --> 00:00:47,000 then we need to verify what happens when we disable the port on the switch. 7 00:00:47,810 --> 00:00:56,750 So at the moment we have IP connectivity from the devices to the AAA server so router 2 can ping the AAA 8 00:00:57,110 --> 00:01:08,840 server, which means that when router 1 telnet to router 2, we have to log in using a user name 9 00:01:09,560 --> 00:01:11,750 on the AAA server. 10 00:01:13,060 --> 00:01:14,560 We can't log in 11 00:01:16,090 --> 00:01:23,110 with a local user account, so the backup user doesn't work here. 12 00:01:26,150 --> 00:01:27,170 So try that again. 13 00:01:27,940 --> 00:01:29,140 I can log in as David 14 00:01:30,140 --> 00:01:36,660 but notice I cannot log in as the backup user, but I can log in as Peter Pan. 15 00:01:37,970 --> 00:01:42,170 So what happens if we disable the connection on the switch? 16 00:01:43,550 --> 00:01:51,530 So interface gigabit 102, I'll shut that port down, so this port is now disabled. 17 00:01:52,310 --> 00:01:55,300 How does that affect connections to the router? 18 00:01:56,080 --> 00:01:58,460 So I'll Log-in is David, password is Cisco. 19 00:01:58,740 --> 00:02:00,680 Notice it's taking a long time. 20 00:02:01,950 --> 00:02:08,830 We have to wait for this to time out, but at the moment, I can't log in as David, notice invalid log 21 00:02:08,830 --> 00:02:08,840 in. 22 00:02:09,600 --> 00:02:12,420 I'll try and log in as the backup user. 23 00:02:13,230 --> 00:02:21,390 You again may need to wait quite a while for the connections to fail and then revert back to using a 24 00:02:21,390 --> 00:02:22,800 local username and password. 25 00:02:23,800 --> 00:02:30,880 But notice, after a long time, I was able to log in as the backup user, when I type enable there's 26 00:02:30,880 --> 00:02:35,090 a long delay because the router is trying to connect to the AAA server. 27 00:02:35,590 --> 00:02:42,010 Remember, we enabled AAA for both login 28 00:02:42,920 --> 00:02:43,880 and enable. 29 00:02:44,980 --> 00:02:52,390 Use my backup user account, password of Cisco may take a while, but again, I should be able to log in 30 00:02:52,930 --> 00:02:53,680 using 31 00:02:54,770 --> 00:03:00,860 my local username and password. I'm going to speed up the video, but this is taking a long time 32 00:03:01,250 --> 00:03:04,460 but notice eventually I can log into router 2 33 00:03:06,970 --> 00:03:08,860 but if we go back to the switch 34 00:03:10,060 --> 00:03:17,830 and re-enable that port, we need to wait for spanning tree to converge, but once that's done, the 35 00:03:17,830 --> 00:03:26,620 backup local user account will no longer work, but the AAA accounts should start working, so I should be 36 00:03:26,620 --> 00:03:29,560 able to log back in as David or Peter Pan. 37 00:03:30,530 --> 00:03:31,290 So there you go. 38 00:03:31,310 --> 00:03:39,890 So Log-in is David, password is Cisco, I can log straight into the router login as Peter, I can 39 00:03:39,890 --> 00:03:40,330 log in. 40 00:03:41,180 --> 00:03:43,580 So that proves that 41 00:03:45,480 --> 00:03:50,750 the backup account is only used when AAA is not available. 42 00:03:51,750 --> 00:04:00,540 We can do that test again, notice if I log in as backup it fails, I've got a login as a AAA user 43 00:04:01,110 --> 00:04:03,390 to succeed when the connection is up. 44 00:04:03,960 --> 00:04:11,400 But when the connection is down between the devices and the AAA server, the local user account is used. 45 00:04:11,910 --> 00:04:13,890 So we've now completed the verification. 46 00:04:14,250 --> 00:04:15,840 Let's run a simulation.