Unable to Log On by any Means
If you cannot log on by any means, perform the following steps.
Procedure
Examples
Check if you enabled both TACACS+ and RADIUS on the switch:
Switch:1>enable Switch:1(config)#show tacacs Global Status: global enable : false authentication enabled for : cli accounting enabled for : none authorization : disabled User privilege levels set for command authorization : None Server: create : Prio Status Key Port IP address Timeout Single Source SourceEnabled Primary NotConn ****** 3 192.0.2.254 30 true 5.5.5.5 true Backup NotConn ****** 47 198.51.100.1 10 false 0.0.0.0 false Switch:1>show radius acct-attribute-value : 193 acct-enable : false acct-include-cli-commands : false access-priority-attribute : 192 auth-info-attr-value : 91 command-access-attribute : 194 cli-commands-attribute : 195 cli-cmd-count : 40 cli-profile-enable : false enable : false igap-passwd-attr : standard igap-timeout-log-fsize : 512 maxserver : 10 mcast-addr-attr-value : 90 supported-vendor-ids : 1584, 562, 1916 secure-flag : false
Check if the administrative and operation status of the port is up:
Switch:1#show interfaces gigabitethernet 1/2 ================================================================================ Port Interface ================================================================================ PORT LINK PORT PHYSICAL STATUS NUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN OPERATE -------------------------------------------------------------------------------- 1/2 257 1000BaseTX true false 1950 00:24:7f:a1:70:61 up up ================================================================================ Port Name ================================================================================ PORT OPERATE OPERATE OPERATE NUM NAME DESCRIPTION STATUS DUPLEX SPEED VL AN -------------------------------------------------------------------------------- 1/2 1000BaseTX up full 1000 Ta gged ================================================================================ Port Config ================================================================================ PORT DIFF-SERV QOS MLT VENDOR --More-- (q = quit)
Check if the switch has a route configured to the server network:
Switch:1(config)#show ip route ========================================================================================== IP Route - GlobalRouter ========================================================================================== NH INTER DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF ------------------------------------------------------------------------------------------ 198.51.100.1 255.255.255.255 192.0.2.65 GlobalRouter 1 100 OSPF 0 IB 125 198.51.100.5 255.255.255.255 192.0.2.5 - 1 0 LOC 0 DB 0 198.51.100.13 255.255.255.255 GlobalRouter 10 1000 ISIS 0 IBS 7 198.51.100.200 255.255.255.255 GlobalRouter 10 1000 ISIS 0 IBS 7 4 out of 4 Total Num of Route Entries, 4 Total Num of Dest Networks displayed. -------------------------------------------------------------------------------- TYPE Legend: I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Rout e, U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route PROTOCOL Legend: v=Inter-VRF route redistributed
Check if the Segmented Management
Instance has a route configured to the server
network:
Switch:1(config)#show mgmt ip route ========================================================================================== Mgmt IPv4 Route Information - Table main ========================================================================================== DEST/MASK NEXTHOP METRIC INTERFACE TYPE ------------------------------------------------------------------------------------------ 198.51.100.0/16 198.51.100.1 300 Mgmt-oob1 STATIC 198.51.100.0/23 0.0.0.0 1 Mgmt-oob1 LOCAL 192.0.2.0/8 192.0.2.1 300 Mgmt-oob1 STATIC 3 out of 3 Total Num of mgmt ip route displayed ------------------------------------------------------------------------------------------