IronPort Systems 4108GL

18-14

Troubleshooting

Unusual Network Activity

Troubleshooting

■If the above method does not work, try eliminating configuration

changes in the switch that have not been saved to flash (boot-up

configuration) by causing the switch to reboot from the boot-up

configuration (which includes only the configuration changes made

prior to the last write memory command.) If you did not use write

memory to save the authentication configuration to flash, then

pressing the Reset button or cycling the power reboots the switch

with the boot-up configuration.

■Disconnect the switch from network access to any TACACS+ servers

and then log in to the switch using either Telnet or direct console port

access. Because the switch cannot access a TACACS+ server, it will

default to local authentication. You can then use the switch’s local

Operator or Manager username/password pair to log on.

■As a last resort, use the Clear/Reset button combination to reset the

switch to its factory default boot-up configuration. Taking this step

means you will have to reconfigure the switch to retur n it to operation

in your network.

No Communication Between the Switch and the TACACS+ Server

Application. If the switch can access the server device (that is, it can ping

the server), then a configuration error may be the problem. Some po ssiblities

include:

■The server IP address configured with the switch’s tacacs-server host

command may not be correct. (Use the swit ch’s show tacacs-server

command to list the TACACS+ server IP address.)

■The encryption key configured in the server does not match the

encryption key configured in the switch (by using the tacacs-server

key command). Verify the key in the server and compare it to the key

configured in the switch. (Use show tacacs-server to list the global key.

Use show config or show config running to list any server-specific keys.)

■The accessible TACACS+ servers are not configured to provide

service to the switch.

Access Is Denied Even Though the Username/Password Pair Is

Correct. Some reasons for denial include the following par ameters

controlled by your TACACS+ server application:

■The account has expired.

■The access attempt is through a port that is not allowed for the

account.