TACACS+ related Error Messages

Error Code	Error Message	Description	Corrective Action
TAC31628	Limit of <max count> TACACS+ concurrent users reached.	TACACS+ concurrent user connections have reached the configured system limit.	Check the configuration file for the user limit.
TAC31629	TACACS+ request received from unknown TACACS+ client <switch IP>.	The incoming TACACS+ connection is dropped since it is received from an unknown host.	Check if the client IP address is configured in TACACS+ clients page.
TAC31628	Invalid TACACS+ packet from <switch IP>, discarding. Incorrect shared secret	The incoming TACACS+ connection is dropped due to shared-secret mismatch.	Check if the shared secret configured for the client is same when compared with the client request.
TAC31612	TACACS+ Shell authorization rejected for <user> on switch-<switch ip>. Reason- No session found	Exec authorization failure due to no session found.	Check if session is created in ‘Active users’ page.
TAC31612	TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No session found	Command authorization failure due to no session found.	Check if session is created in ‘active users’ page.
TAC31612	TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No Shell policy found for the assigned roles	Command authorization failure due to no shell policy assigned to roles.	Check if shell policy is configured and is correctly mapped to device group and roles.
TAC31612	TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- Matched with the rule – [command = <command> Arguments = <argument> action = deny] in shell policy-<policy name>	Command authorization failure due to action 'deny' set in command set.	Check the action configured in matched command set in shell policy page.
TAC31612	TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No match found. Default action is 'deny' in shell policy-<policy name>	Command authorization failure due to action 'deny' set in default action.	Check if none of the configured command set matched with the request. If yes, the check the default action configured.
AUT23458	Login failed using auth server System Local (Local Authentication). Reason: Failed	Login failure due to authentication failure.	Check if the role mapping is based on username or group name. If using groupname, ensure all groups are listed when you click on groups under role mapping.
AUT23458	Login failed. Reason: No Roles	Login failure due to no role available.	Check if the user is configured with an appropriate role and role mapping rules.
AUT31627	Received a TACACS+ Accounting stop request. Terminated Session	Session deletion due to accounting stop received.	Check if accounting stop request is sent by client.
ADM20664	Session timed out for <user>/<realm> due to inactivity (last access at <time>). Idle session identified during routine system scan.	Session deletion due to session timeout.	Login again as previous session is expired.

TAC31628

Limit of <max count> TACACS+ concurrent users reached.

TACACS+ concurrent user connections have reached the configured system limit.

Check the configuration file for the user limit.

TAC31629

TACACS+ request received from unknown TACACS+ client <switch IP>.

The incoming TACACS+ connection is dropped since it is received from an unknown host.

Check if the client IP address is configured in TACACS+ clients page.

TAC31628

Invalid TACACS+ packet from <switch IP>, discarding. Incorrect shared secret

The incoming TACACS+ connection is dropped due to shared-secret mismatch.

Check if the shared secret configured for the client is same when compared with the client request.

TAC31612

TACACS+ Shell authorization rejected for <user> on switch-<switch ip>. Reason- No session found

Exec authorization failure due to no session found.

Check if session is created in ‘Active users’ page.

TAC31612

TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No session found

Command authorization failure due to no session found.

Check if session is created in ‘active users’ page.

TAC31612

TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No Shell policy found for the assigned roles

Command authorization failure due to no shell policy assigned to roles.

Check if shell policy is configured and is correctly mapped to device group and roles.

TAC31612

TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- Matched with the rule – [command = <command> Arguments = <argument> action = deny] in shell policy-<policy name>

Command authorization failure due to action 'deny' set in command set.

Check the action configured in matched command set in shell policy page.

TAC31612

TACACS+ authorization rejected for command-<cmd> from <user> on switch-<switch ip>. Reason- No match found. Default action is 'deny' in shell policy-<policy name>

Command authorization failure due to action 'deny' set in default action.

Check if none of the configured command set matched with the request. If yes, the check the default action configured.

AUT23458

Login failed using auth server System Local (Local Authentication). Reason: Failed

Login failure due to authentication failure.

Check if the role mapping is based on username or group name. If using groupname, ensure all groups are listed when you click on groups under role mapping.

AUT23458

Login failed. Reason: No Roles

Login failure due to no role available.

Check if the user is configured with an appropriate role and role mapping rules.

AUT31627

Received a TACACS+ Accounting stop request. Terminated Session

Session deletion due to accounting stop received.

Check if accounting stop request is sent by client.

ADM20664

Session timed out for <user>/<realm> due to inactivity (last access at <time>). Idle session identified during routine system scan.

Session deletion due to session timeout.

Login again as previous session is expired.