10-31-2010 09:49 AM - edited 03-06-2019 01:48 PM
Anyone know why there is an %Authentication failed message that pops up for a couple minutes after reboot? Is there any way to get this to stop so you can log in immediately after boot? It only seems to happen in newer IOS versions; anything older than a couple of years does not get the message.
Thanks
-Patrick
10-31-2010 12:59 PM
Patrick,
Please provide more information about your issue - you surely understand that there is no reliable technical information in your current query to base an answer on.
Best regards,
Peter
10-31-2010 01:14 PM
We are using TACACS ... on an L2 switch. Management is on VLAN 1.
Here is the HW/SW version:
switch uptime is 2 years, 5 weeks, 1 day, 8 hours, 40 minutes
System returned to ROM by power-on
System restarted at 07:26:12 CDT Thu Sep 25 2008
System image file is "flash:c2960-lanbasek9-mz.122-44.SE2.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
cisco WS-C2960G-48TC-L (PowerPC405) processor (revision A0) with 0K/4088K bytes of memory.
Processor board ID FOC1047X2QR
Last reset from power-on
1 Virtual Ethernet interface
48 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1A:6C:4A:72:80
Motherboard assembly number : 73-10300-06
Power supply part number : 341-0098-02
Motherboard serial number : FOC104708Z8
Power supply serial number : AZS1044039H
Model revision number : A0
Motherboard revision number : B0
Model number : WS-C2960G-48TC-L
System serial number : FOC1047X2QR
Top Assembly Part Number : 800-27071-01
Top Assembly Revision Number : C0
Version ID : V01
CLEI Code Number : COM4A10BRA
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 48 WS-C2960G-48TC-L 12.2(44)SE2 C2960-LANBASEK9-M
Configuration register is 0xF
switch#
Here is the aaa config
aaa new-model
!
!
aaa group server tacacs+ name
server x.x.x.x1
server x.x.x.x2
!
aaa authentication login default group name local
aaa authentication enable default group name group name enable
aaa accounting exec default start-stop group name
aaa accounting commands 0 default start-stop group name
aaa accounting commands 1 default start-stop group name
aaa accounting commands 15 default start-stop group name
aaa accounting connection default start-stop group name
aaa accounting system default start-stop group name
!
!
10-31-2010 01:18 PM
This can be duplicated on a 4510, 3750, etc. ... or even if it is not connected to the network we see the issue ... that we cannot log in for 2-3 minutes.
10-31-2010 01:33 PM
Patrick,
Thank you for your response. I am thinking of the transient connectivity issues that happen after the device ends booting up and the STP is not yet converged, the routing tables are not yet populated, etc. - these are the most probable causes.
Have you tried decreasing the timeout for the TACACS+ server so that the device does not try to connect for an overly long period of time? Try using the command
tacacs-server timeout 3
Also, are you using hostnames instead of IP addresses in your configuration? The DNS lookup may take quite a long time. You may also want to shorten it:
ip domain timeout 5
Best regards,
Peter
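An added example, not part of the thread or of any Cisco tooling: it works through the arithmetic behind the timeout suggestion above, estimating how long the posted method lists can spend on unreachable TACACS+ servers before falling through to `local` or `enable`. The sample config is constructed from the lines in the thread; the model of one attempt per server and the `assumed_timeout` value used when no timeout is configured are assumptions to check against your platform.

```python
import re

# Constructed sample: the AAA lines posted in the thread plus the suggested timeout.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ name
 server x.x.x.x1
 server x.x.x.x2
!
aaa authentication login default group name local
aaa authentication enable default group name group name enable
tacacs-server timeout 3
"""

def parse_aaa(config):
    """Return (server groups, default auth method lists, tacacs timeout or None)."""
    groups, methods, timeout, current = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa group server tacacs\+ (\S+)", line):
            current = m.group(1)
            groups[current] = []
        elif current and (m := re.match(r"server (\S+)", line)):
            groups[current].append(m.group(1))
        else:
            current = None  # any other line ends the group sub-mode
            if m := re.match(r"aaa authentication (login|enable) default (.+)", line):
                methods[m.group(1)] = m.group(2).split()
            elif m := re.match(r"tacacs-server timeout (\d+)", line):
                timeout = int(m.group(1))
    return groups, methods, timeout

def fallback_delay(config, kind="login", assumed_timeout=5):
    """Worst-case seconds spent on unreachable servers before the first
    non-group method is tried. Returns (seconds, fallback method or None).
    Assumption: one attempt per server, each waiting the full timeout."""
    groups, methods, timeout = parse_aaa(config)
    per_server = timeout if timeout is not None else assumed_timeout
    tokens, waited, i = methods.get(kind, []), 0, 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            waited += per_server * len(groups.get(tokens[i + 1], []))
            i += 2
        else:
            return waited, tokens[i]
    return waited, None  # no local/enable fallback: lockout while servers are down

if __name__ == "__main__":
    for kind in ("login", "enable"):
        print(kind, fallback_delay(SAMPLE_CONFIG, kind))
```

A result of `None` for the fallback method means the list has no local method at all, so an unreachable TACACS+ server leaves no way to authenticate.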
10-31-2010 01:36 PM
Thanks for the info ... can you clarify why this happens? I.e., if I have the device configured for TACACS auth and boot it without connecting it to the network ... why do I have to wait to log into it?
10-31-2010 01:53 PM
Patrick,
To be completely honest, I don't know for sure what is happening or whether my suggestions will help for sure. I will get to the lab on Tuesday at the earliest; I can give it a try then. Unfortunately, till then, I am just trying to deduce some logical reason. I haven't encountered a similar behavior yet but I've got to give it a try.
Best regards,
Peter
10-31-2010 02:37 PM
Anyone know why there is an %Authentication failed message that pops up for a couple minutes after reboot?
Hi Patrick,
This is normal. I have about 500 switches in my network and every time the appliance reboots, I have to wait for approximately 3 minutes for AAA to kick in. Otherwise, I'm greeted with this:
Password:
Password authentication failed.
Please verify that the username and password are correct.
Password:
10-31-2010 02:39 PM
Thanks, I appreciate the response ... now to find out why this is normal and if it can be turned off.
10-31-2010 03:11 PM
Leo,
Thanks. This issue is obviously above my comprehension
Best regards,
Peter
10-31-2010 03:39 PM
This issue is obviously above my comprehension
Hi Peter,
That'll be a first!