Management and Configuration Guide K/KA/KB.15.15

The public key file you are trying to download has one of the following problems:
• A key in the file is too long. The maximum key length is 1024 characters, including spaces.
  This could also mean that two or more keys are merged together instead of being separated
  by a CRLF.
• There are more than ten public keys in the key file.
• One or more keys in the file is corrupted or is not a valid RSA public key.
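
A pre-download check for the three limits listed above, as an added example that is not part of the guide. It assumes keys are in the OpenSSH one-line format (ssh-rsa, base64 blob, optional comment), which the page does not state; the function names and the sample key are constructed for illustration.

```python
import base64
import struct

MAX_KEY_CHARS = 1024  # guide: maximum key length, spaces included
MAX_KEYS = 10         # guide: no more than ten keys per file

def _is_rsa_blob(b64):
    """True if b64 decodes to exactly three SSH strings: "ssh-rsa", e, n."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # bad alphabet, bad padding, or non-ASCII input
        return False
    fields = []
    while blob:
        if len(blob) < 4:
            return False
        (n,) = struct.unpack(">I", blob[:4])
        if len(blob) < 4 + n:
            return False
        fields.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return len(fields) == 3 and fields[0] == b"ssh-rsa"

def check_key_file(data):
    """Return the problems found in a key file (bytes); empty list = passes."""
    problems = []
    text = data.decode("ascii", errors="replace")
    keys = [ln for ln in text.split("\r\n") if ln.strip()]
    if len(keys) > MAX_KEYS:
        problems.append(f"{len(keys)} keys in file (maximum {MAX_KEYS})")
    for i, key in enumerate(keys, 1):
        if "\n" in key or "\r" in key:
            problems.append(f"key {i}: bare CR or LF, keys must be separated by CRLF")
            continue
        if len(key) > MAX_KEY_CHARS:
            problems.append(f"key {i}: {len(key)} characters (maximum {MAX_KEY_CHARS})")
        if key.count("ssh-rsa ") > 1:  # heuristic: a second key type marker on the line
            problems.append(f"key {i}: two keys merged on one line")
        parts = key.split()
        if len(parts) < 2 or parts[0] != "ssh-rsa" or not _is_rsa_blob(parts[1]):
            problems.append(f"key {i}: corrupted or not a valid RSA public key")
    return problems

def constructed_key(comment="admin@example"):
    """Sample key line, constructed for this example; the modulus is filler bytes."""
    def s(b): return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xc3" * 128)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Run check_key_file() on the raw bytes of the file before copying it to the switch; an empty list means none of the three conditions was found.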

Client ceases to respond ("hangs") during connection phase.
The switch does not support data compression in an SSH session. Clients often have compression
turned on by default, but then disable it during the negotiation phase. A client that does not
recognize the compression-request FAILURE response may fail when attempting to connect. Ensure
that compression is turned off before attempting a connection to prevent this problem.

TACACS-related problems

Event Log
When troubleshooting TACACS+ operation, check the switch's Event Log for indications of problem
areas.

All users are locked out of access to the switch
If the switch is functioning properly, but no username/password pairs result in console or Telnet
access to the switch, the problem may be caused by how the TACACS+ server and/or the switch
are configured. Use one of the following methods to recover:
• Access the TACACS+ server application and adjust or remove the configuration parameters
  controlling access to the switch.
• If the above method does not work, try eliminating configuration changes in the switch that
  have not been saved to flash (boot-up configuration) by causing the switch to reboot from the
  boot-up configuration (which includes only the configuration changes made prior to the last
  write memory command). If you did not use write memory to save the authentication
  configuration to flash, pressing the Reset button or cycling the power reboots the switch with
  the boot-up configuration.
• Disconnect the switch from network access to any TACACS+ servers and then log in to the
  switch using either Telnet or direct console port access. Because the switch cannot access a
  TACACS+ server, it defaults to local authentication. You can then use the switch's local
  Operator or Manager username/password pair to log on.
• As a last resort, use the Clear/Reset button combination to reset the switch to its factory
  default boot-up configuration. Taking this step means you will have to reconfigure the switch
  to return it to operation in your network.

No communication between the switch and the TACACS+ server application
If the switch can access the server device (that is, it can ping the server), a configuration error
may be the problem. Some possibilities include:
• The server IP address configured with the switch's tacacs-server host command may
  not be correct. (Use the switch's show tacacs-server command to list the TACACS+
  server IP address.)
• The encryption key configured in the server does not match the encryption key configured in
  the switch (by using the tacacs-server key command). Verify the key in the server and
  compare it to the key configured in the switch. (Use show tacacs-server to list the global
  key. Use show config or show config running to list any server-specific keys.)
• The accessible TACACS+ servers are not configured to provide service to the switch.