2.6 ACCESS

00000002

E3

Login incorrect <user name>.

An attempt to log in by using the <user name> account was made, but the login was not allowed.

<user name>: User name

[Action]

1. There might have been an unauthorized access (failed account or password authentication) to the Switch from a remote host permitted at the console or the configuration. Check the operational status of the remote host that is permitted at the console or the configuration.

2. This log data is collected even when a legitimate user executes an incorrect operation during login. Therefore, even if this log message is collected, the operation of the remote host might be normal.

3. Check if the account was already registered for the Switch by using the adduser command.

   (Confirmation method: Check if the user has a home directory in ls /usr/home/)

00000003

E3

Login refused for too many users logged in.

An attempt was made to connect using telnet or SSH, but the connection was not allowed because the number of logged-in users was exceeded.

[Action]

1. Check the number of users who are currently logged in.

2. If necessary, increase the limit for the number of users who can log in for the configuration.

00005002

E3

Login <user name> from <host> (<term>).

A user logged in.

<user name>: User name

<host>: Host ID

• For remote operation terminals: IP addressing

• For a console terminal: console

<term>: Terminal name

• For remote operation terminal: pts/0 ~

• For console-terminal: ttyS0

[Action]

None.

00005003

E3

Logout <user name> from <host> (<term>).

A user logged out.

<user name>: User name

<host>: Host ID

• For remote operation terminals: IP addressing

• For a console terminal: console

<term>: Terminal name

• For remote operation terminal: pts/0 ~

• For console-terminal: ttyS0

[Action]

None.

00010001

E3

SNMP agent program received packet from <ip address> with unexpected community name <community name>.

The SNMP agent received a packet that had the unexpected community name <community name> from <ip address>.

<ip address> SNMP manager IP addressing

<community name>: Community name

[Action]

Access was attempted to the Switch from a location other than the locations permitted by the SNMP manager for the configuration. This message is output if the IP address and the community name of the SNMP manager do not match the IP address and the community name of an SNMP manager permitted for the configuration. Check the configuration to make sure that the IP address and the community name of the SNMP manager that accesses the Switch are identical to <ip address >and <community name>. If they do not match, invalid access might be occurring. Contact the administrator of the SNMP manager to tell the responsible party not to access the SNMP manager at <ip address>.

The Switch suppresses repeated output to the operation log of accesses from an invalid IP address or community. A maximum of 16 invalid IP address are saved and, for each saved IP address, one out of every 128 invalid access attempts is output to the log.

00030001

E3

Local authentication succeeded.

Local authentication was performed and was successful for a user login request or request to change the administrator mode (enable command).

[Action]

None.

00030002

E3

Local authentication failed.

Local authentication was performed but authentication failed for a user login request or request to change the administrator mode (enable command).

[Action]

1. An invalid attempt to access the Switch might have occurred for a remote host permitted by the configuration. Check the operational status of the remote host.

2. This log data is collected even when a legitimate user executes an incorrect operation (such as incorrect password entry) during login. Therefore, even if this log message is collected, the operation of the remote host might be normal.

00030003

E3

RADIUS authentication accepted from <host>.

RADIUS authentication was performed successfully for a user login request or request to change the administrator mode (enable command).

<host>: IP address or host name of the RADIUS server

[Action]

None.

00030004

E3

RADIUS authentication rejected from <host>. "<message>"

RADIUS authentication was attempted, but authentication failed for a user login request or request to change the administrator mode (enable command).

<host>: IP address or host name of the RADIUS server

<message>: RADIUS server response message

[Action]

1. An invalid attempt to access the Switch might have occurred for a remote host permitted by the configuration. Check the operational status of the remote host.

2. This log data is collected even when a legitimate user executes an incorrect operation (such as incorrect password entry) during login. Therefore, even if this log message is collected, the operation of the remote host might be normal.

3. Check the RADIUS server setting.

00030005

E3

RADIUS server (<host>) didn't response.

RADIUS authentication was attempted for a user login request or request to change the administrator mode (enable command), but the RADIUS server did not respond.

<host>: IP address or host name of the RADIUS server

[Action]

1. Check the configuration to make sure that the RADIUS server IP address is correct.

2. Check the RADIUS server configuration to make sure that the RADIUS server port number is correct.

3. Make sure that the RADIUS server is turned on.

4. Make sure that the IP address of this switch is registered for the client IP address on the RADIUS server side.

00030006

E3

RADIUS server configuration is not defined.

RADIUS authentication was attempted for a user login request or request to change the administrator mode (enable command), but a RADIUS server configuration has not been set up.

[Action]

1. Check that a RADIUS configuration is set up.

2. Make sure that acct-only is specified for the RADIUS configuration and that authentication is not limited.

00030007

E3

Invalid response received from <host>.

RADIUS or TACACS+ authentication was attempted for a user login request or request to change the administrator mode (enable command), but the response from RADIUS or TACACS+ server was invalid.

<host>: IP address or host name of RADIUS or TACACS+ server

[Action]

Make sure that the same RADIUS or TACACS+ key is specified for the Switch and the RADIUS or TACACS+ server.

00030008

E3

RADIUS authentication failed.

RADIUS authentication failed for a user login request or request to change the administrator mode (enable command)

[Action]

If any other operation log messages for RADIUS authentication were output, refer to them.

0003000a

E3

Can't communicate with RADIUS server (<host>).

Communication with the RADIUS server failed.

<host>: IP address or host name of the RADIUS server

[Action]

1. Make sure that there is a route to the RADIUS server.

2. If you are specifying a host name for the RADIUS server, make sure that name resolution can be performed.

0003000b

E3

RADIUS authorization response with no contents.

RADIUS command authorization was performed, but a command list was not properly obtained from the RADIUS server.

[Action]

Make sure that Class, Alaxala-Allow-Commands, and Alaxala-Deny-Commands are properly set in the RADIUS server settings (vendor-specific setting for the Switch).

00030013

E3

TACACS+ authentication accepted from <host>.

TACACS+ authentication was successfully performed for a user login request or request to change the administrator mode (enable command).

<host>: IP address or host name of the TACACS+ server

[Action]

None.

00030014

E3

TACACS+ authentication rejected from <host>.

TACACS+ authentication was attempted for a user login request or request to change the administrator mode (enable command), but the TACACS+ server denied it.

<host>: IP address or host name of the TACACS+ server

[Action]

1. An invalid attempt to access the Switch might have occurred for a remote host permitted by the configuration. Check the operational status of the remote host.

2. This log data is collected even when a legitimate user executes an incorrect operation (such as incorrect password entry) during login. Therefore, the operation status of the remote host might be correct, even if this log data is collected.

3. Check the TACACS+ server setting.

00030015

E3

TACACS+ server (<host>) didn't response.

TACACS+ authentication and command authorization (if there is a command authorization specification in the TACACS+ configuration) were attempted for a user login request or request to change the administrator mode (enable command), but the TACACS+ server did not respond.

<host>: IP address or host name of the TACACS+ server

[Action]

1. Check the configuration to make sure that the TACACS+ server IP address is correct.

2. Make sure that the TACACS+ server is turned on.

00030016

E3

TACACS+ server configuration is not defined.

TACACS+ authentication was attempted for a user login request or request to change the administrator mode (enable command), but a TACACS+ server configuration did not exist.

[Action]

1. Make sure that a TACACS+ configuration is set up.

2. Make sure that acct-only is specified for the TACACS+ configuration and the authentication is not limited.

00030018

E3

TACACS+ authentication failed.

TACACS+ authentication failed for a user login request or request to change the administrator mode (enable command).

[Action]

If any other operation log messages were output for TACACS+ authentication, refer to them.

0003001a

E3

Can't communicate with TACACS+ server (<host>).

Communication with the TACACS+ server failed.

<host>: IP address or host name of the TACACS+ server

[Action]

1. Make sure that there is a route to the TACACS+ server.

2. If you are specifying the TACACS+ server by using a host name, make sure that name resolution can be performed.

3. Check the TACACS+ server configuration to make sure that the TACACS+ server port number is correct.

4. Make sure that the TACACS+ server is turned on.

5. Make sure that the IP address of the Switch is registered for the client IP address on the TACACS+ server side.

0003001b

E3

TACACS+ authorization response with no contents.

TACACS+ command authorization was performed but a command list was not properly obtained from the TACACS+ server.

[Action]

Make sure that class, allow-commands, and deny-commands are properly set in the TACACS+-server settings (vendor-specific setting for the Switch).

0003001c

E3

TACACS+ authorization rejected from <host>.

TACACS+ authentication was attempted for a user login request or request to change the administrator mode (enable command), but the TACACS+ server denied it.

<host>: IP address or host name of the TACACS+ server

[Action]

1. Make sure that the service name is correct in the TACACS+ server settings (vendor-specific setting for the Switch).

2. Check other settings on TACACS+ server side.

0003001d

E3

Local authorization response with no contents.

Local command authorization was performed, but there is no user name and corresponding command class or command list settings.

[Action]

Make sure that settings for the command class (username view-class) and the command list (username view, parser view, commands exec) are set correctly for users authenticated using local login.