What are the possible causes for SSH and TACACS authentication failure on S series switches

9

For S series switches (except S1700 switches), SSH and TACACS authentication failure is commonly caused by no default authentication mode for SSH users. If no authentication mode is specified for SSH users, users cannot access the Internet through SSH.
To solve the problem, run the ssh authentication-type default password command to configure password authentication for SSH users when configuring SSH authentication.

Other related questions:
What are the possible causes for SSH+TACACS authentication failure
There is no default authentication mode for SSH users. If no authentication mode is specified for SSH users, users cannot access the Internet. Solution: When configuring SSH authentication, run the ssh authentication-type default password command to configure password authentication for SSH users.

What are possible causes for L2TP dial-up failures of the AR router
Possible causes for L2TP dialup failures are as follows: - The firewall is configured on the public network or the local PC has the firewall, so L2TP packets are discarded. - When corresponding L2TP port is disabled or occupied, UDP port 1701 is often used. For example, ACL and NAT are configured. - The user name and password of the LAC are incorrect, or no users are specified for the LNS. - The configured address is incorrect. For example, the statically configured address of the VT interface is incorrect. - Tunnel authentication modes are different. - LCP renegotiation is not configured. - The IP address allocation is improper. The IP address pool has a small address range or not configured. - Gateway addresses are not configured in the IP address pool, so gateway addresses are allocated to clients. - There are unreachable routes. - In the L2TP group view, the specified tunnel name at the remote end is incorrect. - The configured authentication domain is incorrect. - L2TP negotiation fails because control packets sent by clients of the local PC do not carry the SQ. - When IPSec encryption is used, the IPSec parameters on the two ends of the tunnel are inconsistent.

Possible causes for a failure to ping an IPv6 address
In V100R002 and later versions, the IPv6 address of a device fails to be pinged due to the following possible causes: l. The physical state or protocol state of the interface is Down. You can run the display ipv6 interface interface-type interface-number command in any view to check the physical state and protocol state of an interface. 2. The switch fails to learn ND entries of the peer device. You can run the display ipv6 neighbors command in any view to check information about ND entries. 3. The link transmission delay is too long. The source device does not receive any Response packet from the destination device within the waiting time, and the ping operation fails. You can run the ping ipv6 -t timeout destination-ipv6-address command in any view to set “-t&rdquo to increase the timeout interval for waiting for Response packets.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top