Access Is Denied Even Though The Username/Password Pair Is Correct; Unknown Users Allowed To Login To The Switch; System Allows Fewer Login Attempts Than Specified In The Switch Configuration; Timep, Sntp, Or Gateway Problems - HP Aruba JL253A Management And Configuration Manual

in the switch. (Use show tacacs-server to list the global key. Use show config or show config
running to list any server-specific keys.)
• The accessible TACACS+ servers are not configured to provide service to the switch.

Access is denied even though the username/password pair is correct

Some reasons for denial include the following parameters controlled by your TACACS+ server application:
• The account has expired.
• The access attempt is through a port that is not allowed for the account.
• The time quota for the account has been exhausted.
• The time credit for the account has expired.
• The access attempt is outside of the time frame allowed for the account.
• The allowed number of concurrent logins for the account has been exceeded.
For more help, see the documentation provided with your TACACS+ server application.

Unknown users allowed to login to the switch

Your TACACS+ application may be configured to allow access to unknown users by assigning them the privileges
included in a default user profile. See the documentation provided with your TACACS+ server application.

System allows fewer login attempts than specified in the switch configuration

Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in
the switch with the aaa authentication num-attempts command.

TimeP, SNTP, or Gateway problems

The switch cannot find the time server or the configured gateway

TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the
DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have
ports assigned to it.

VLAN-related problems

Monitor port

When using the monitor port in a multiple-VLAN environment, the switch handles broadcast, multicast, and
unicast traffic output from the monitor port as follows:
• If the monitor port is configured for tagged VLAN operation on the same VLAN as the traffic from monitored
ports, the traffic output from the monitor port carries the same VLAN tag.
• If the monitor port is configured for untagged VLAN operation on the same VLAN as the traffic from the
monitored ports, the traffic output from the monitor port is untagged.
• If the monitor port is not a member of the same VLAN as the traffic from the monitored ports, traffic from the
monitored ports does not go out the monitor port.
Chapter 13 Troubleshooting 471