Troubleshooting guide
3. Troubleshooting Functional Failures During Operation
30
Default restart
Push and hold the RESET button for at least five seconds.
Take care when performing a default restart. A startup due to the default restart does not
perform authentication by password, authentication when changing to administrator
mode (
enable command), or command authorization. The specified password takes
effect after the Switch restarts.
3.3.5 Command authorization using RADIUS/TACACS+ and local is not
possible
After RADIUS, TACACS+, or local authentication is successful and you log in to the Switch, if
command authorization fails or if a command cannot be executed due to an authorization error,
check the following:
1. Checking with the
show whoami command
Use the
show whoami command for the Switch to display and check the list of operation
commands that are permitted or restricted for the current user. Make sure that the command
list can be obtained as specified in the settings for the RADIUS or TACACS+ server. Also, if
the local command authorization is used, make sure that the command list has been set as
specified in the configuration.
2. Checking the server settings and configuration
Make sure that the settings related to the command authorization for the Switch are correct on
the RADIUS or TACACS+ server. Take care with the settings of the vendor-specific attributes
for RADIUS, or the service and attribute name settings for TACACS+. Also, if local
command authorization is used, make sure that the settings in the configuration are correct.
For details about the RADIUS, TACACS+, and local (configuration) settings, see the
Configuration Guide.
Notes on coding a command list
Note the handling of space characters when you code a command list for command
authorization for the Switch. For example, if "
show ip " (i.e., show ip followed by a
space) is specified in the permission command list, the
show ip interface is permitted,
but the
show ipv6 interface command is not permitted.
3. Action to take when all commands are restricted
If all commands are restricted due to, for example, incorrect settings, log in from the console
and modify the settings. If command authorization has also been implemented on the console
by the
aaa authorization commands console configuration command, perform a default
restart and then log in.
Default restart
Push and hold the RESET button for at least five seconds.
Take care when performing a default restart. A startup due to the default restart does not
perform authentication by password, authentication when changing to administrator
mode (
enable command), or command authorization. The specified password takes
effect after the Switch restarts.