TACACS-Related Problems, Event Log, All Users Are Locked Out of Access to the Switch – HP 2600 User Manual
Troubleshooting
Unusual Network Activity
TACACS-Related Problems
Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas.
All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured. Use one of the following methods to recover:
■ Access the TACACS+ server application and adjust or remove the configuration parameters controlling access to the switch.
■ If the above method does not work, try eliminating configuration changes in the switch that have not been saved to flash (boot-up configuration) by causing the switch to reboot from the boot-up configuration (which includes only the configuration changes made prior to the last write memory command). If you did not use write memory to save the authentication configuration to flash, then pressing the Reset button or cycling the power reboots the switch with the boot-up configuration.
■ Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication. You can then use the switch’s local Operator or Manager username/password pair to log on.
■ As a last resort, use the Clear/Reset button combination to reset the switch to its factory default boot-up configuration. Taking this step means you will have to reconfigure the switch to return it to operation in your network.
No Communication Between the Switch and the TACACS+ Server Application. If the switch can access the server device (that is, it can ping the server), then a configuration error may be the problem. Some possibilities include:
■ The server IP address configured with the switch’s tacacs-server host command may not be correct. (Use the switch’s show tacacs-server command to list the TACACS+ server IP address.)
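
A successful ping shows only that a host answers at the configured address, not that a TACACS+ service is listening there. The following added example (not part of the HP manual) probes TCP port 49, the port assigned to TACACS+, and maps the result to the checks above. `probe_tacacs`, `next_step` and the script name are hypothetical, and it assumes you run it from a workstation on the same management network as the switch.

```python
import errno
import socket
import sys

TACACS_PORT = 49  # TCP port assigned to TACACS+


def probe_tacacs(host, port=TACACS_PORT, timeout=3.0):
    """Classify one TCP connection attempt to a TACACS+ server address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"       # handshake completed
    except ConnectionRefusedError:
        return "refused"             # host answered, port closed
    except socket.timeout:
        return "no-response"         # dropped, filtered, or host down
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"     # no route from this workstation
        raise


# Hypothetical mapping from probe result to the checks described in the text.
NEXT_STEP = {
    "listening": "A service answers on this port. Confirm the address matches "
                 "the one listed by show tacacs-server, then review the "
                 "server application's parameters for this switch.",
    "refused": "The host is up but nothing listens on this port. The address "
               "given to tacacs-server host is probably not the TACACS+ server.",
    "no-response": "No reply. Check filtering between the management network "
                   "and the server, and that the service is running.",
    "unreachable": "No route to the address. Check it for typing errors.",
}


def next_step(result):
    return NEXT_STEP[result]


if __name__ == "__main__":
    # Usage: python probe_tacacs.py <address from show tacacs-server> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: probe_tacacs.py <server-address> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else TACACS_PORT
    outcome = probe_tacacs(sys.argv[1], target_port)
    print(f"{sys.argv[1]}:{target_port} -> {outcome}")
    print(next_step(outcome))
```

A "refused" result on a host that answers ping is the case the bullet above describes: the address is reachable but is not the TACACS+ server.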