Authentication Events

Invalid user name/password on Telnet/WebUI/SSH/Console session User <USERNAME> is trying to login from <CLIENT_IP_ADDRESS>

AUTHORIZED Access granted for access method Telnet/WebUI/SSH/Console

Conflict on port <PORT_NUM>: port-based 802.1x (client-limit=0) and Web/Mac-auth are both configured.

Unauthenticated VLAN can't be simultaneously enabled on both 802.1x and Web or MAC authentication for port <PORT_NUM>

Permit Command: user <USERNAME> command <COMMAND>.

Denied Command: user <USERNAME> command <COMMAND>.

User <USERNAME>: Operator and Manager mode password is reset

Console terminated due to inactivity

User <USERNAME>: Operator mode password is set

User <USERNAME>: Operator mode password is reset

User <USERNAME>: Manager mode password is set

User <USERNAME>: Manager mode password is reset

User <USERNAME> logged in from <CLIENT_IP_ADDRESS> to Telnet/WebUI/SSH/Console session

User <USERNAME> logged out of Telnet/WebUI/SSH/Console session from  <CLIENT_IP_ADDRESS>

Last login file access error

Creating user last login file

Corrupt or incompatible user last login file- recreating

Clearing user last login file

User last login table is full- replacing oldest user <USERNAME>

User <USERNAME> from CONSOLE is locked out for <LOCKOUT_PERIOD> seconds

Unknown users from <CONSOLE> are locked out for <LOCKOUT_PERIOD> seconds

The minimum password length is modified for user <USERNAME>. Update the local passwords to comply with the modified password length.

User <USERNAME> has been logged out from <IP_ADDRESS> due to session timeout

Bypassing the username for Operator and Manager access level is <ENABLED/DISABLED>.

Potential Cross Site Request Forgery (CSRF) attempt is detected from the HTTP session of the User <USERNAME> logged in from <IP_ADDRESS>

Local user <USERNAME> is added to the group <GROUPNAME>.

Local user <USERNAME> is deleted from the group GROUPNAME.

New command <COMMAND> is added to the group GROUPNAME.

Command <COMMAND> is deleted from the group GROUPNAME.

<USERNAME/PASSWORD> should be configured for the successful two-factor authentication.

Encrypt credentials enabled

Encrypt credentials disabled

Include credentials enabled

Include credentials disabled

Tagged VLAN membership changes on AAA enabled ports will NOT be applied immediately.

User <USERNAME> logout from <IP_ADDRESS> due to session killed by user for TELNET/WEBUI/SSH/CONSOLE session.

User <USERNAME> logout from <IP_ADDRESS> due to inactivity timer timeout for Telnet/WebUI/SSH/CONSOLE session

Hiding of sensitive data in standard secure mode <ENABLE/DISABLE>.

user-based-lockout is <ENABLE/DISABLE>.

User: '<USER_NAME>': <MESSAGE>

Authentication and authorization are configured with different methods. Command authorization may be skipped for some SSH/Telnet/WebUI/Console users.

Authentication and authorization are configured with the same method.Command authorization will be performed for all SSH/WebUI/Telent/CONSOLE users.

Command authorization method set to <LOCAL/RADIUS/TACACS>.

The password configuration feature is <ENABLED/DISABLED>.

The password aging feature is <ENABLED/DISABLED>.

The password history feature is <ENABLED/DISABLED>.

Global password aging time is set to <TIME> days.

User <USERNAME> password aging time is set to <TIME> days.

Global password aging alert before expiry time is set to <TIME> days.

Password expiry grace period configuration: LOGIN ATTEMPTS IS SET TO <GRACE_PERIOD_VALUE>.

Minimum password update interval is set to <TIME> hours.

Maximum password history record  number is set to NUMBER.

Display of last login user details by executing command 'show authentication last-login' is <ENABLED/DISABLED>.

The password complexity feature REPEAT USERNAME CHECK / REPEAT PASSWORD CHECK is <ENABLED/DISABLED>.

The password composition for character type ALPHABET/NUMBER/SPL_CHARACTERS is set to length of LENGTH.

User <USERNAME> denied access to the system; first time password change failed.

User <USERNAME> password is about to expire in <EXPIRY_TIME> days; password change is required.

Password for user <USERNAME> has expired; password change is required; <NUMBER_OF_LOGIN_ATTEMPTS> login attempts left within <TIME> days.

Password of user <USERNAME> expired; password update is required for the user to continue login.

User <USERNAME> password change failed; an invalid old password is entered.

User <USERNAME> password change failed; the password does not meet the configured composition rule.

User <USERNAME> password change failed; the password should not contain the <USERNAME> or reverse of the <USERNAME>.

User <USERNAME> password change failed; the password contains repetitive characters.

User <USERNAME> password change failed; the password is not differing from the previous password by at least 4 characters.

User <USERNAME> password change failed; the password has been used previously.

User <USERNAME> password change failed; the password can be updated only after the minimum update interval period.

User <USERNAME> password change failed; the password minimum <LENGTH> should be <LENGTH>.

History records cleared for <USERNAME> user.

User <USERNAME> has logged in for the first time; password change is required.

User <USER_NAME> password is modified.

lldp-bypass is enabled on port <PORT_ID>.

lldp-bypass is disabled on port <PORT_ID>.

The password non-plaintext-sha256 feature is <ENABLE/DISABLE>.

mac-pinning is <ENABLE/DISABLE> on port <PORT_NAME> for <LOCAL_MAC> authentication.

<Configuration status of client authentication for SSH>

Critical auth <VLAN_NAME> is configured on port <PORT_NAME>.

Critical auth <VLAN_NAME> is un-configured on port <PORT_NAME>.

Open auth <VLAN_NAME> is configured on port <PORT_NAME>.

Open auth <VLAN_NAME> is un-configured on port <PORT_NAME>.

RADIUS dead-time infinite is enabled.

RADIUS dead-time infinite is disabled.

Authentication interval is set to <INTERVAL> seconds.

'cached-reauth authorized' configured : When re-authentication cache timer expires- clients will be authorized on a port without authentication process.

'cached-reauth authorized' un-configured : clients are not authorized on a port without authentication process.

<8021x> client <CLIENT_NAME> is authorized on port <PORT_NAME>. Reason: cached re-authentication timer is expired.

Initial role '<ROLE_NAME>' is configured on port <PORT_NAME>.

Initial role '<ROLE_NAME>' is un-configured on port <PORT_NAME>.

Cannot apply open-auth user-role <ROLE_NAME>.

Authentication dead servers only is enabled.

Authentication dead servers only is disabled.

Authentication request packet count is set to <RADIUS_TRACK_REQ_PKT_COUNT>.

Authentication password modified.

Authentication order is <ENABLE/DISABLE> on port <PORT_NAME>.

Authentication order fallback is <ENABLE/DISABLE> on port <PORT_NAME>.

Authentication priority is <ENABLE/DISABLE> on port <PORT_NAME>.

console-lockout is <ENABLED/DISABLED>.

User <USER_NAME>: <URI_MESSAGE>

The command 'port-security <PORT_NAME> mac-address <MAC_ADDR_STR> is deleted from the configuration since the MAC address is same as switch MAC address.

The user name <USER_NAME>..' of length <USER_LENGTH> characters has exceeded the maximumallowable length of 64 characters.

User '<USER_NAME>':Minimum like character position check value is set to <AUTH_PWD_CHAR_CHECK_VALUE>.

User <USER_NAME> password cannot be changed since the like character position check failed. Minimum expected like character position change count is <PWD_POS_CHECK>.

User '<USER_NAME>':Password like character position check is disabled.

User '<USER_NAME>': The period for tracking the successful login attempts is set to <LOGIN_ATTEMPTS> days.

User '<USER_NAME>':The tracking of successful login attempts has been disabled.

User successful login file content is cleared.

User Success login file access error.

Recreating the user successful login file since the previousfile is corrupt or incompatible.

Unable to establish TLS session with RADIUS server <RADIUS_SERVER_STR>.

TLS session timed out with RADIUS server %s.

Firmware downgrade is not allowed when radius-server host with tls is configured. Please delete radius-server host IPv4/fqdn with tls manually to continue the downgrade.

Firmware downgrade is not allowed when ip source-interface for radsec is configured. Please delete ip source-interface for radsec manually to continue the downgrade.

Firmware downgrade is not allowed when lowest tls version for radsec is configured. Please delete lowest tls version for radsec manually to continue the downgrade.

NAS IP is not resolved for the RADIUS server <IP_ADDRESS>. Retrying ACCESS REQUEST.

PEAP SSL socket connection limit reached. Authentication failed for <USER_NAME_STR>