HP ProCurve Management And Configuration Manual page 606

Troubleshooting
Unusual Network Activity
C-22
The encryption key configured in the server does not match the
■
encryption key configured in the switch (by using the tacacs-server
key command). Verify the key in the server and compare it to the key
configured in the switch. (Use show tacacs-server to list the global key.
Use or
show config
The accessible TACACS+ servers are not configured to provide
■
service to the switch.
Access Is Denied Even Though the Username/Password Pair Is
Correct. Some reasons for denial include the following parameters
controlled by your TACACS+ server application:
The account has expired.
■
■ The access attempt is through a port that is not allowed for the
account.
■ The time quota for the account has been exhausted.
■ The time credit for the account has expired.
The access attempt is outside of the time frame allowed for the
■
account.
The allowed number of concurrent logins for the account has been
■
exceeded
For more help, refer to the documentation provided with your TACACS+
server application.
Unknown Users Allowed to Login to the Switch. Your TACACS+ appli­
cation may be configured to allow access to unknown users by assigning them
the privileges included in a default user profile. Refer to the documentation
provided with your TACACS+ server application.
System Allows Fewer Login Attempts than Specified in the Switch
Configuration. Your TACACS+ server application may be configured to
allow fewer login attempts than you have configured in the switch with the
aaa authentication num-attempts command.
to list any server-specific keys.)
show config running