Messages related to TACACS+ operation

The switch generates the CLI messages listed below. However, you may see other messages generated in your TACACS+ server application. For information on such messages, see the documentation you received with the application.

CLI Message

Meaning

Connecting to Tacacs server

The switch is attempting to contact the TACACS+ server identified in the switch tacacs-server configuration as the first-choice (or only) TACACS+ server.

Connecting to secondary Tacacs server

The switch was not able to contact the first-choice TACACS+ server, and is now attempting to contact the next (secondary) TACACS+ server identified in the switch tacacs-server configuration.

Invalid password

The system does not recognize the user name or the password or both. Depending on the authentication method (tacacs or local), either the TACACS+ server application did not recognize the user name/password pair or the user name/password pair did not match the user name/password pair configured in the switch.

No Tacacs servers responding

The switch has not been able to contact any designated TACACS+ servers. If this message is followed by the Username prompt, the switch is attempting local authentication.

Not legal combination of authentication methods

For console access, if you select tacacs as the primary authentication method, you must select local as the secondary authentication method. This prevents you from being locked out of the switch if all designated TACACS+ servers are inaccessible to the switch.

Record already exists

When resulting from a tacacs-server host <ip addr> command, indicates an attempt to enter a duplicate TACACS+ server IP address.