Cisco N5K-M1600 - Expansion Module - 6 Ports Troubleshooting Manual page 133

Chapter 6
Troubleshooting Security Issues
Send document comments to nexus5k-docfeedback@cisco.com.
Possible Cause
The AAA server is not accessible in the network.
Solution
If the problem persists after correcting the VRF association and correcting the user-account credentials,
then perform the following:
If the test aaa command returns the error "error authenticating to server", the route to the server
might be missing from the configuration. Use the ping <server> command if the AAA server is
associated with the default VRF. If it is associated with VRF management, use the ping <server>
vrf management command.
If the message "No route to host" appears, then the static route to the server is not configured
properly. Reconfigure the IP route in the corresponding VRF context.
Enter the ping <server> command again. If the command is successful, then use the test aaa group
<name> <username> <password> command.
If the ping <server> command is unsuccessful, then check the network connectivity: for example, whether
the ARP entry of the next-hop router appears in the output of the show ip arp [vrf management] command,
and whether the ARP entry of the Nexus 5000 switch exists in the next-hop router's ARP table.

Unable to decode content of packets with Wireshark
AAA packets were captured from the network, but Wireshark was unable to decode the content of the
packets.
Possible Cause
AAA packets are encrypted while the host key is enabled.
Solution
Perform the following steps to decode the content:
Use the no tacacs-server command to delete the TACACS+ server configuration.
Reconfigure the TACACS+ server without specifying any key.
Reconfigure the AAA client for the Nexus 5000 switch on the Network Configuration page in ACS,
removing the host key.
Repeat the packet capture. The captured packets should now not be encrypted, and the data content
should be decoded properly by Wireshark.
After the packet capture, the administrator should revert to the host key configuration for better
security. While the key is removed, the usernames, passwords, and authorization data in every TACACS+
exchange cross the network in cleartext and can be read by anyone able to capture the link, so confine
this procedure to a maintenance window on a trusted segment and restore the key immediately afterward.
Wireshark can also decode a capture taken with the key in place if the shared key is entered in its
TACACS+ protocol preferences, which avoids putting cleartext credentials on the wire at all.

Role assignment fails when user logs in
Role assignment fails when the user logs in (from the perspective of the Nexus 5000 switch AAA).
Possible Cause
Assuming that the ACS or TACACS+ and RADIUS server has the Cisco av-pair configured correctly, the
problem might be that the internal or local VRF assignment for the user login is not working correctly.
Solution
OL-25300-01
Cisco Nexus 5000 Series Troubleshooting Guide
AAA
6-5
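The Wireshark symptom above (a TACACS+ exchange whose body cannot be read while the key is configured) comes from the body obfuscation defined in RFC 8907 section 4.5: the body is XORed with an MD5 pseudo-pad keyed by the shared secret, and the "unencrypted" header flag is set only when no key is configured. The following Python is an added example written for this page, not Cisco or Wireshark code; the key, session ID, username, password, port and remote address are constructed values. It builds an authentication START packet both ways and shows what a capture reveals with no key, with the correct key, and with a wrong key.

```python
"""TACACS+ body obfuscation (RFC 8907 section 4.5). Added example for this
troubleshooting page; not Cisco or Wireshark code. All packet contents,
the key and the session ID below are constructed for the demonstration."""
import hashlib
import struct
from typing import Optional

VERSION = 0xC0                    # major version 0xC, minor version 0
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01           # set when no key is configured: body is plaintext
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1).
    The pad is the concatenation, truncated to the body length."""
    sid = struct.pack("!I", session_id)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(sid + key + bytes([VERSION, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body: bytes, session_id: int, key: bytes, seq_no: int) -> bytes:
    """Obfuscation is XOR with the pseudo-pad, so the same call also decodes."""
    pad = pseudo_pad(session_id, key, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


def authen_start_body(user: str, password: str, port: str = "tty0",
                      rem_addr: str = "10.1.1.5") -> bytes:
    """Authentication START for PAP: action LOGIN(1), priv_lvl 1, authen_type PAP(2),
    authen_service LOGIN(1), four length bytes, then the variable-length fields.
    For PAP the password travels in the data field."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    return bytes([1, 1, 2, 1, len(u), len(p), len(r), len(d)]) + u + p + r + d


def build_packet(body: bytes, session_id: int, seq_no: int,
                 key: Optional[bytes]) -> bytes:
    """Encode as the switch would: with a key the body is obfuscated; with no key
    (the state the page's procedure puts the switch in) the UNENCRYPTED flag is
    set and the body goes on the wire as-is."""
    if key:
        flags, wire_body = 0, xor_body(body, session_id, key, seq_no)
    else:
        flags, wire_body = FLAG_UNENCRYPTED, body
    return HEADER.pack(VERSION, TYPE_AUTHEN, seq_no, flags, session_id, len(body)) + wire_body


def decode_start(packet: bytes, key: Optional[bytes]) -> Optional[dict]:
    """What a dissector can recover from a captured START packet. Returns None when
    the body is obfuscated and no key is supplied (the symptom on this page)."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:HEADER.size + length]
    if not flags & FLAG_UNENCRYPTED:
        if key is None:
            return None
        body = xor_body(body, session_id, key, seq_no)  # wrong key yields garbage
    user_len, port_len, rem_len, data_len = body[4:8]
    off = 8
    user = body[off:off + user_len]; off += user_len
    port = body[off:off + port_len]; off += port_len
    rem = body[off:off + rem_len]; off += rem_len
    data = body[off:off + data_len]
    return {"user": user.decode("latin-1"), "port": port.decode("latin-1"),
            "rem_addr": rem.decode("latin-1"), "password": data.decode("latin-1"),
            "cleartext_on_wire": bool(flags & FLAG_UNENCRYPTED)}


if __name__ == "__main__":
    KEY = b"example-shared-key"   # constructed; stands in for the tacacs-server key
    SESSION = 0x1234ABCD          # constructed session ID
    body = authen_start_body("admin", "s3cret")
    keyed = build_packet(body, SESSION, 1, KEY)
    print("keyed, no key supplied:", decode_start(keyed, None))
    print("keyed, correct key:    ", decode_start(keyed, KEY))
    print("keyed, wrong key:      ", decode_start(keyed, b"wrong-key"))
    unkeyed = build_packet(body, SESSION, 1, None)
    print("no key on switch:      ", decode_start(unkeyed, None))
```

Run it as a script to print the four cases. The point for the procedure above: once the key is removed, every START packet carries the username and password readable to anyone on the path, which is why the page has you restore the key; the decode with the key in hand is what a dissector does when it is given the shared secret instead.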
