Validation rules

Validation

Error/Warning/Prompt

If access-list name is not valid.

Please enter a valid access-list name.

If the authentication method is being set to two-factor authentication, various messages display.

If both the public key and username/password are not configured: Public key and username/password should be configured for a successful two-factor authentication.

If public key is configured and username is not configured:

Username and password should be configured for a successful two-factor authentication.

If the username is configured and public key is not configured:

Public key should be configured for a successful two-factor authentication.

If “ssh-server” certificate is not installed at the time of enabling certificate-password authentication:

The “ssh-server” certificate should be installed for a successful two-factor authentication.

If the authentication method is set to two-factor while installing the public key, a message displays.

The client public keys without username will not be considered for the two-factor authentication for the SSH session.

If the username and the key installation user for that privilege do not match, a message displays and installation is not allowed.

This will also happen when the authentication method is set for two-factor.

The username in the key being installed does not match the username configured on the switch.

If the maximum number of <username : TA profile> associations is reached for a given TA profile, a message displays.

Maximum number of username associations with a TA profile is 10.

If secondary authentication type for two-factor authentication chosen is not "none", a message displays.

Not legal combination of authentication methods.

If the authentication method is anything other than two-factor and the two-factor authentication method options are set, a message displays.

Not legal combination of authentication methods.

If two-factor authentication is set and user tries to SSH into another system using ssh <ip | hostname> command, a message displays.

SSH client is not supported when the two-factor authentication is enabled.

If timeSync is in SNTP or Timep when NTP is enabled.

Timesync is not configured to NTP.

If timesync is NTP and NTP is enabled and we try to change timesync to SNTP.

Disable NTP before changing timesync to SNTP or TIMEP.

If we try to configure NTP servers more than the configured max-associations value.

The maximum number of NTP servers allowed is 2.

If we have ‘n’ NTP servers configured and we try to configure a max-associations value less than (n) number of NTP servers already configured.

Max-associations value cannot be less than the number of NTP servers configured.

If authentication key-id is not configured.

Authentication key-id %d has not been configured.

If key-id is not marked as trusted.

Key-id %d is not trusted.

If min poll value is more than max poll value.

NTP max poll value should be more than min poll value.

If ipv6 is not enabled on vlan interface.

IPv6 address not configured on the VLAN.