Filter
Top Products
Troubleshooting
Unusual Network Activity
■ The encryption key configured in the server does not match the
encryption key configured in the switch (by using the tacacs-server
key command). Verify the key in the server and compare it to the key
configured in the switch. (Use show tacacs-server to list the global key.
Use
show config or show config running to list any server-specific keys.)
■ The accessible TACACS+ servers are not configured to provide
service to the switch.
Access Is Denied Even Though the Username/Password Pair Is
Correct. Some reasons for denial include the following parameters
controlled by your TACACS+ server application:
■ The account has expired.
■ The access attempt is through a port that is not allowed for the
account.
■ The time quota for the account has been exhausted.
■ The time credit for the account has expired.
■ The access attempt is outside of the time frame allowed for the
account.
■ The allowed number of concurrent logins for the account has been
exceeded
For more help, refer to the documentation provided with your TACACS+
server application.
Unknown Users Allowed to Login to the Switch. Your TACACS+ appli-
cation may be configured to allow access to unknown users by assigning them
the privileges included in a default user profile. Refer to the documentation
provided with your TACACS+ server application.
System Allows Fewer Login Attempts than Specified in the Switch
Configuration. Your TACACS+ server application may be configured to
allow fewer login attempts than you have configured in the switch with the
aaa authentication num-attempts command.
C-19