Symptom:On affected switches, the switch is slow to respond to login requests after reboot, displaying a repeated message of% Authentication failedwhile not allowing entry of the username for authentication. This problem fixes itself within minutes, but during the first few minutes of boot, login via telnet or console is impossible."show log" output from the same time period will show:%AAA-3-DROPACCTFAIL: Accounting record dropped, send to server failed: system Conditions:External accounting enabled for system events such as:aaa accounting system default start-stop group tacacs+Workaround:Wait for a few minutes after a reboot or restart event prior to telnetting into the switch. Further Problem Description:Symptoms are the same as those described in CSCsk50769.
Console stuck with "authentication failed" on save & reload for sys acco
Symptom: With 'aaa accounting' and 'aaa authen' configured on a switch, we are unable to login to the switch at all. Also, it's possible the switch will hang on issue of 'reload' from the CLI.Conditions: The two conditions must be met:- AAA accounting must be configured - AAA authentication must be configuredWorkaround: Disable 'AAA accounting' configuration
If matching the first bug you can also configure the IOS AAA command:
aaa accounting system guarantee-first
The above command explanation:
The aaa accounting system guarantee-first command guarantees system accounting as the
first record, which is the default condition. In some situations, users may be prevented
from starting a session on the console or terminal connection until after the system
reloads, which can take more than three minutes.
To establish a console or telnet session with the router if the AAA server is unreachable
when the router reloads, use the no aaa accounting system guarantee-first command.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :