Aaa - Cisco N5K-M1600 - Expansion Module - 6 Ports Troubleshooting Manual

Troubleshooting guide

AAA

Send document comments to nexus5k-docfeedback@cisco.com.
Solution
NX-OS does not activate role configuration changes dynamically. You need to log in again for the
configuration changes to the role to take effect.
CLI rejects feature-group removal
The CLI rejects the no role feature-group name <group-name> command when the administrator tries
to delete a feature-group.
Possible Cause
A CLI error indicates that the feature group is in use, which means that it is included in one of the role
configurations.
Solution
To address the error, perform the following steps:
Step 1 Use the show role | egrep role:|feature-group command to display which feature group is
associated with which role.
Step 2 Detach the association with the no rule command within the role configuration mode, and then
delete the feature group.
User cannot log in through TACACS+ or RADIUS authentication
With the server group properly configured for the Nexus 5000 switch and assigned to the
aaa authentication login default configuration for TACACS+ or RADIUS servers, Telnet or SSH
logins fail to authenticate users with the following error:
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
Possible Cause
The AAA group is not configured with the correct VRF to access the servers.
Solution
Perform the following steps to enable login:
Step 1 Check which AAA group is being used for authentication with the show running-config aaa and
show aaa authentication commands.
Step 2 For TACACS+, check the VRF association with the AAA group with the show tacacs-server
groups and show running-config tacacs+ commands.
Step 3 For RADIUS, check the VRF association with the AAA group with the show radius-server groups
and show running-config radius commands.
Step 4 Correct the VRF association, then test the VRF setting with the test aaa group <name>
<username> <password> command.
Step 5 If the test aaa command returns the error, "user has failed authentication", then the server is
accessible but the credentials for the user account are incorrect. Verify that the user configuration
is correct on the server.
Cisco Nexus 5000 Series Troubleshooting Guide
Chapter 6
Troubleshooting Security Issues
OL-25300-01
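The VRF checks in the TACACS+/RADIUS login procedure above can be run offline against saved show running-config aaa and show running-config tacacs+ output. The following is an added example, not part of the Cisco guide. It assumes the NX-OS use-vrf sub-command under aaa group server, that a group without use-vrf uses the default VRF, and that the servers are reachable through the management VRF; the sample configuration is constructed.

```python
import re

# Constructed sample of "show running-config aaa" plus "show running-config
# tacacs+" output; group names and addresses are made up for this example.
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10 key 7 "example"
tacacs-server host 192.0.2.11 key 7 "example"
aaa group server tacacs+ TAC-MGMT
    server 192.0.2.10
    use-vrf management
aaa group server tacacs+ TAC-NOVRF
    server 192.0.2.11
aaa authentication login default group TAC-NOVRF local
"""

GROUP_RE = re.compile(r"^aaa group server (tacacs\+|radius) (\S+)\s*$")
LOGIN_RE = re.compile(r"^aaa authentication login default group (.+)$")

def parse_groups(config):
    """Map group name -> {"proto", "servers", "vrf"}; vrf is "default" without use-vrf."""
    groups, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        m = GROUP_RE.match(raw)
        if m:
            current = groups.setdefault(
                m.group(2), {"proto": m.group(1), "servers": [], "vrf": "default"})
        elif current is not None and raw[:1].isspace():
            if len(words) >= 2 and words[0] == "server":
                current["servers"].append(words[1])
            elif len(words) >= 2 and words[0] == "use-vrf":
                current["vrf"] = words[1]
        else:
            current = None  # any other top-level line ends the group block
    return groups

def login_groups(config):
    """Server groups on the 'aaa authentication login default' line, in order."""
    for raw in config.splitlines():
        m = LOGIN_RE.match(raw.strip())
        if m:
            return [w for w in m.group(1).split() if w not in ("local", "none")]
    return []

def vrf_mismatches(config, expected_vrf="management"):
    """(group, vrf) for each login group whose VRF is not expected_vrf."""
    groups = parse_groups(config)
    found = [(g, groups.get(g, {}).get("vrf", "undefined")) for g in login_groups(config)]
    return [(g, vrf) for g, vrf in found if vrf != expected_vrf]
```

For the constructed sample, vrf_mismatches(SAMPLE_CONFIG) reports TAC-NOVRF on the default VRF, which is the condition Step 4 corrects before running test aaa group.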
