Cisco N5K-M1600 - Expansion Module - 6 Ports Troubleshooting Manual page 135

Chapter 6
Troubleshooting Security Issues
Send document comments to nexus5k-docfeedback@cisco.com.
If you try to configure TACACS+ along with RADIUS, syslog messages similar to the following example
appear during login.
Example:
2010 May 19 16:12:19 mars %$ VDC-1 %$ %RADIUS-2-RADIUS_NO_AUTHEN_INFO: ASCII authentication not supported
2010 May 19 16:12:19 mars %$ VDC-1 %$ %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user oregon-regress from 10.193.128.5 - login[5698]
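An added example, not part of the Cisco guide: a Python triage script that uses the line layout of the example above to find failed logins logged by the same host in the same second as a RADIUS_NO_AUTHEN_INFO message. The same-second pairing, the function names and the third sample record are assumptions made for this example.

```python
import re

# Layout taken from the example lines on this page:
# <year> <mon> <day> <time> <host> %$ VDC-<n> %$ %<FACILITY>-<severity>-<MNEMONIC>: <text>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) %\$ VDC-\d+ %\$ "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
FAIL_RE = re.compile(r"pam_aaa:Authentication failed for user (?P<user>\S+) from (?P<src>\S+)")

# First two records are the page's example (wrapped as printed); the third is constructed.
SAMPLE = """\
2010 May 19 16:12:19 mars %$ VDC-1 %$ %RADIUS-2-RADIUS_NO_AUTHEN_INFO: ASCII
authentication not supported
2010 May 19 16:12:19 mars %$ VDC-1 %$ %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication
failed for user oregon-regress from 10.193.128.5 - login[5698]
2010 May 19 16:20:03 mars %$ VDC-1 %$ %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication
failed for user testuser from 192.0.2.10 - login[5701]
"""

def unwrap(raw_lines):
    """Rejoin records that a terminal or pager wrapped onto a second line."""
    records = []
    for line in (l.strip() for l in raw_lines):
        if not line:
            continue
        if re.match(r"\d{4} \w{3} ", line) or not records:
            records.append(line)          # a new record starts with a year and month
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def mixed_protocol_failures(raw_lines):
    """Failed logins that share host and second with RADIUS_NO_AUTHEN_INFO (assumed heuristic)."""
    radius_keys, failures = set(), []
    for record in unwrap(raw_lines):
        m = LINE_RE.match(record)
        if not m:
            continue                      # not an NX-OS syslog record in this layout
        key = (m["host"], m["ts"])
        if (m["facility"], m["mnemonic"]) == ("RADIUS", "RADIUS_NO_AUTHEN_INFO"):
            radius_keys.add(key)
        elif m["facility"] == "AUTHPRIV":
            f = FAIL_RE.search(m["text"])
            if f:
                failures.append({"host": key[0], "time": key[1], "user": f["user"], "source": f["src"]})
    # Filter after the full pass so the result does not depend on message order.
    return [f for f in failures if (f["host"], f["time"]) in radius_keys]

if __name__ == "__main__":
    for hit in mixed_protocol_failures(SAMPLE.splitlines()):
        print(hit)
```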
Authentication fallback method appears inoperable
NX-OS supports a fallback method for authentication: if all the remote AAA RADIUS or TACACS+
servers are unreachable, the login attempts to authenticate the SSH/Telnet user locally.
However, the login to the Nexus 5000 switch might still fail with local authentication.
Possible Cause
The local user database does not contain the user account that the user is trying to log in with.
Solution
Perform the following steps to check the authentication fallback method.
Note
By using the show user-account command, you can determine which user account was created through
REMOTE authentication. A user account that was created with REMOTE authentication cannot be used
for a local (fallback) login.
OL-25300-01
As a best practice, include the aaa authentication login error-enable command in the configuration. When it is included in the configuration, the login session shows whether the fallback method is operating correctly. If messages such as "Remote AAA servers unreachable; local authentication done" or "Remote AAA servers unreachable; local authentication failed" are received, then the fallback method is operating correctly.
If the remote AAA servers are not accessible, check whether the local user database has the user credential for local authentication. Use the show user-account command to display the credential.
Create local user accounts with the username <username> password <password> role <role name> command for use until the remote AAA servers become accessible.
Cisco Nexus 5000 Series Troubleshooting Guide
AAA