Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

Dean Crook

Unable to login to console

Hi I've noticed a strange problem I think it's quite recent but cannot highlight what may have caused it.

I am unable to login to the console port on all devices that ive currently check on my network. I can SSH no problems.

I hit return when asked and it fails to authenticate 3 times with a blank username.

This gets failed by ACS because the blank user has no service selection rule.

I have run debug tacacs on a C4506e 12.2(44r)SG9

Feb 14 14:54:14.469: TPLUS: Queuing AAA Authentication request 179 for processing

Feb 14 14:54:14.469: TPLUS: processing authentication start request id 179

Feb 14 14:54:14.469: TPLUS: Authentication start packet created for 179()

Feb 14 14:54:14.469: TPLUS: Using server x.x.x.x

Feb 14 14:54:14.469: TPLUS(000000B3)/0/NB_WAIT/205AAD70: Started 5 sec timeout

Feb 14 14:54:14.469: TPLUS(000000B3)/0/NB_WAIT: socket event 2

Feb 14 14:54:14.469: TPLUS(000000B3)/0/NB_WAIT: wrote entire 29 bytes request

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: socket event 1

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: Would block while reading

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: socket event 1

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: read entire 12 header bytes (expect 6 bytes data)

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: socket event 1

Feb 14 14:54:14.469: TPLUS(000000B3)/0/READ: read entire 18 bytes response

Feb 14 14:54:14.469: TPLUS(000000B3)/0/205AAD70: Processing the reply packet

Feb 14 14:54:14.469: TPLUS: Received authen response status FAIL (3)

If I remove authentication from the line con 0 then i can connect.


aaa new-model



aaa authentication login ADMIN group tacacs+ local


aaa session-id common


line con 0

login authentication ADMIN

stopbits 1

Any help would be appreciated.


Hello Dean,

You might be running on either of the two following known issues:

CSCsw79561            Bug Details

DROPACCTFAIL: System Accounting fails with tacacs


On affected switches, the switch is slow to respond to login requests after reboot, displaying
a repeated message of

% Authentication failed

while not allowing entry of the username for authentication.  This problem fixes itself within
minutes, but during the first few minutes of boot, login via telnet or console is impossible.

"show log" output from the same time period will show:

%AAA-3-DROPACCTFAIL: Accounting record dropped, send to server failed:


External accounting enabled for system events such as:

aaa accounting system default start-stop group tacacs+


Wait for a few minutes after a reboot or restart event prior to telnetting into the switch.

Further Problem Description:

Symptoms are the same as those described in CSCsk50769.


CSCsx07352            Bug Details

Console stuck with "authentication failed" on save & reload for sys acco

With 'aaa accounting' and 'aaa authen' configured on a switch, we are unable to login to the switch at all.
Also, it's possible the switch will hang on issue of 'reload' from the CLI.

The two conditions must be met:

- AAA accounting must be configured
- AAA authentication must be configured

Disable 'AAA accounting' configuration

If this was helpful please rate.




If matching the first bug you can also configure the IOS AAA command:

aaa accounting system guarantee-first

The above command explanation:

The aaa accounting system guarantee-first command guarantees system accounting as the
first record, which is the default condition. In some situations, users may be prevented
from starting a session on the console or terminal connection until after the system
reloads, which can take more than three minutes.

To establish a console or telnet session with the router if the AAA server is unreachable
when the router reloads, use the no aaa accounting system guarantee-first command.


Thanks for your response but none of the above match the problem.

I do not have any accounting configured.

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube