Unknown users allowed to login to the switch – HP 2600 User Manual
Page 369
Troubleshooting
Unusual Network Activity
■
The encryption key configured in the server does not match the
encryption key configured in the switch (by using the
tacacs-server
key command). Verify the key in the server and compare it to the key
configured in the switch. (Use
show tacacs-server to list the global key.
Use
show config
or
show config running
to list any server-specific keys.)
■
The accessible TACACS+ servers are not configured to provide
service to the switch.
Access Is Denied Even Though the Username/Password Pair Is
Correct.
Some reasons for denial include the following parameters
controlled by your TACACS+ server application:
■
The account has expired.
■
The access attempt is through a port that is not allowed for the
account.
■
The time quota for the account has been exhausted.
■
The time credit for the account has expired.
■
The access attempt is outside of the time frame allowed for the
account.
■
The allowed number of concurrent logins for the account has been
exceeded
For more help, refer to the documentation provided with your TACACS+
server application.
Unknown Users Allowed to Login to the Switch.
Your TACACS+ appli
cation may be configured to allow access to unknown users by assigning them
the privileges included in a default user profile. Refer to the documentation
provided with your TACACS+ server application.
System Allows Fewer Login Attempts than Specified in the Switch
Configuration.
Your TACACS+ server application may be configured to
allow fewer login attempts than you have configured in the switch with the
aaa authentication num-attempts command.
C-19