HP 2910AL User Manual

Troubleshooting
Unusual Network Activity

■

The encryption key configured in the server does not match the
encryption key configured in the switch (by using the

tacacs-server

key command). Verify the key in the server and compare it to the key
configured in the switch. (Use

show tacacs-server to list the global key.

Use

show config

or

show config running

to list any server-specific keys.)

■

The accessible TACACS+ servers are not configured to provide
service to the switch.

Access Is Denied Even Though the Username/Password Pair Is
Correct.

Some reasons for denial include the following parameters

controlled by your TACACS+ server application:

■

The account has expired.

■

The access attempt is through a port that is not allowed for the
account.

■

The time quota for the account has been exhausted.

■

The time credit for the account has expired.

■

The access attempt is outside of the time frame allowed for the
account.

■

The allowed number of concurrent logins for the account has been
exceeded

For more help, refer to the documentation provided with your TACACS+
server application.

Unknown Users Allowed to Login to the Switch.

Your TACACS+ appli­

cation may be configured to allow access to unknown users by assigning them
the privileges included in a default user profile. Refer to the documentation
provided with your TACACS+ server application.

System Allows Fewer Login Attempts than Specified in the Switch
Configuration.

Your TACACS+ server application may be configured to

allow fewer login attempts than you have configured in the switch with the
aaa authentication num-attempts command.

C-22