Troubleshooting tacacs+ operation, Troubleshooting tacacs+ operation -13 – IronPort Systems 4108GL User Manual

18-13

Troubleshooting

Unusual Network Activity

Tro
ubl
e

shoo
tin

g

redundant links to another switch. If the other device sends traffic over
multiple VLANs, its MAC address will consistently appear in multiple VLANs
on the switch port to which it is linked.

Note that attempting to create redundant paths through the use of VLANs will
cause problems with some switches. One symptom is that a duplicate MAC
address appears in the Port Address Table of one port, and then later appears
on another port. While the Switch 4108GL has multiple forwarding databases,
and thus does not have this problem, some switches with a single forwarding
database for all VLANs may produce the impression that a connected device
is moving among ports because packets with the same MAC address but
different VLANs are received on different ports. You can avoid this problem
by creating redundant paths using port trunks or spanning tree.

Figure 18-2. Example of Duplicate MAC Address

Troubleshooting TACACS+ Operation

Event Log.

When troubleshooting TACACS+ operation, checkthe switch’s

Event Log for indications of problem areas.

All Users Are Locked Out of Access to the Switch.

If the switch is func-

tioning properly, but no username/password pairs result in console or Telnet
access to the switch, the problem may be due to how the TACACS+ server
and/or the switch are configured. Use one of the following methods to recover:

■

Access the TACACS+ server application and adjust or remove the
configuration parameters controlling access to the switch.

Server

Switch 4108GL

(Multiple

Forwarding

Database)

Switch with

Single

Forwarding

Database

MAC Address "A"; VLAN 1

MAC Address "A"; VLAN 2

Problem: This switch detects
continual moves of MAC
address "A" between ports.

VLAN 1

VLAN 2