memory to save the authentication configuration to flash, then
pressing the Reset button or cycling the power reboots the switch
with the boot-up configuration.
Disconnect the switch from network access to any TACACS+ servers
and then log in to the switch using either Telnet or direct console port
access. Because the switch cannot access a TACACS+ server, it will
default to local authentication. You can then use the switch's local
Operator or Manager username/password pair to log on.
As a last resort, use the Clear/Reset button combination to reset the
switch to its factory default boot-up configuration. Taking this step
means you will have to reconfigure the switch to return it to operation
in your network.
No Communication Between the Switch and the TACACS+ Server
Application. If the switch can access the server device (that is, it can ping
the server), then a configuration error may be the problem. Some possibilities
The server IP address configured with the switch's tacacs-server host
command may not be correct. (Use the switch's show tacacs-server
command to list the TACACS+ server IP address.)
The encryption key configured in the server does not match the
encryption key configured in the switch (by using the tacacs-server
key command). Verify the key in the server and compare it to the key
configured in the switch. (Use show tacacs-server to list the global key.
show config running
The accessible TACACS+ servers are not configured to provide
service to the switch.
Access Is Denied Even Though the Username/Password Pair Is
Correct. Some reasons for denial include the following parameters
controlled by your TACACS+ server application:
The account has expired.
The access attempt is through a port that is not allowed for the
The time quota for the account has been exhausted.
The time credit for the account has expired.
Unusual Network Activity
to list any server-specific keys.)