Authentication Events
The following are the events related to authentication.
Event ID: 419 (Severity: Warning)
|
Message |
Invalid user name/password on Telnet/WebUI/SSH/Console session User <USERNAME> is trying to login from <CLIENT_IP_ADDRESS> |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the username/password authentication has failed. |
Event ID: 989 (Severity: Warning)
|
Message |
AUTHORIZED Access granted for access method Telnet/WebUI/SSH/Console |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that a user was given authorization for an access method. |
Event ID: 990 (Severity: Warning)
|
Message |
Conflict on port <PORT_NUM>: port-based 802.1x (client-limit=0) and Web/Mac-auth are both configured. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that port-based 802.1x is co-existing with web auth or mac auth; probably from legacy config. Such configuration may have one of these features mal-functions. |
Event ID: 991 (Severity: Warning)
|
Message |
Unauthenticated VLAN can't be simultaneously enabled on both 802.1x and Web or MAC authentication for port <PORT_NUM> |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that unauthenticated VLAN can not be simultaneously enabled on both 802.1x and Web/Mac authentication for a port. |
Event ID: 992
|
Message |
Permit Command: user <USERNAME> command <COMMAND>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a local user account executed a command they had authorization for |
Event ID: 993 (Severity: Warning)
|
Message |
Denied Command: user <USERNAME> command <COMMAND>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that a local user account executed a command they didn't have authorization for |
Event ID: 2710
|
Message |
User <USERNAME>: Operator and Manager mode password is reset |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the password of either the manager and operator is modified. |
Event ID: 2713 (Severity: Warning)
|
Message |
Console terminated due to inactivity |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the console session is terminated due to inactivity. |
Event ID: 2714
|
Message |
User <USERNAME>: Operator mode password is set |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the operator username/password is configured. |
Event ID: 2715
|
Message |
User <USERNAME>: Operator mode password is reset |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the operator username/password is reset. |
Event ID: 2716
|
Message |
User <USERNAME>: Manager mode password is set |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the manager username/password is configured. |
Event ID: 2717
|
Message |
User <USERNAME>: Manager mode password is reset |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the manager username/password is reset. |
Event ID: 3362
|
Message |
User <USERNAME> logged in from <CLIENT_IP_ADDRESS> to Telnet/WebUI/SSH/Console session |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the user has logged into the swith with one of the management sessions (SSH, telnet, console, webUI). |
Event ID: 3363
|
Message |
User <USERNAME> logged out of Telnet/WebUI/SSH/Console session from <CLIENT_IP_ADDRESS> |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the user has logged out from the swith from one of the management sessions ( SSH,telnet, console,webUI). |
Event ID: 3364 (Severity: Fatal)
|
Message |
Last login file access error |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Fatal |
|
Description |
This log event informs that there is an error while accessing last login file. |
Event ID: 3365
|
Message |
Creating user last login file |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the last login file is created. |
Event ID: 3366 (Severity: Warning)
|
Message |
Corrupt or incompatible user last login file- recreating |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that there is corruption or incompatible user last login file, so recreating. |
Event ID: 3367
|
Message |
Clearing user last login file |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the clearing of the last login file. |
Event ID: 3368 (Severity: Warning)
|
Message |
User last login table is full- replacing oldest user <USERNAME> |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user last login table is full and replacing the oldest user. |
Event ID: 3369 (Severity: Warning)
|
Message |
User <USERNAME> from CONSOLE is locked out for <LOCKOUT_PERIOD> seconds |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that a user is locked out for the mentioned time in seconds. |
Event ID: 3385 (Severity: Warning)
|
Message |
Unknown users from <CONSOLE> are locked out for <LOCKOUT_PERIOD> seconds |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that unknown users are locked out for specified time in seconds. |
Event ID: 3386 (Severity: Warning)
|
Message |
The minimum password length is modified for user <USERNAME>. Update the local passwords to comply with the modified password length. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the minimum password length is modified for a user. This requires reconfiguration of password to comply with the new minimum password length. |
Event ID: 3387
|
Message |
User <USERNAME> has been logged out from <IP_ADDRESS> due to session timeout |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the user has been logged out from a session due to session timeout. |
Event ID: 3388 (Severity: Warning)
|
Message |
Bypassing the username for Operator and Manager access level is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that bypassing the username for operator and manager. |
Event ID: 3390 (Severity: Warning)
|
Message |
Potential Cross Site Request Forgery (CSRF) attempt is detected from the HTTP session of the User <USERNAME> logged in from <IP_ADDRESS> |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that potential cross site request forgery (CSRF) attempt is detected from the HTTP session for a user. |
Event ID: 3391
|
Message |
Local user <USERNAME> is added to the group <GROUPNAME>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a user is added to a local group. |
Event ID: 3392
|
Message |
Local user <USERNAME> is deleted from the group GROUPNAME. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a user is deleted from a local group. |
Event ID: 3393
|
Message |
New command <COMMAND> is added to the group GROUPNAME. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a new command is added to a local group. |
Event ID: 3394
|
Message |
Command <COMMAND> is deleted from the group GROUPNAME. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a command is deleted from a local group. |
Event ID: 3397 (Severity: Warning)
|
Message |
<USERNAME/PASSWORD> should be configured for the successful two-factor authentication. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
The reason why the management password has configured for the successful two factor authentication. |
Event ID: 4235
|
Message |
Encrypt credentials enabled |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that encrypt credentials are enabled. |
Event ID: 4236
|
Message |
Encrypt credentials disabled |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the encrypt credentails are disabled. |
Event ID: 4237
|
Message |
Include credentials enabled |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the include credentials are enabled. |
Event ID: 4238
|
Message |
Include credentials disabled |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the include credentails are disabled. |
Event ID: 4239
|
Message |
Tagged VLAN membership changes on AAA enabled ports will NOT be applied immediately. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the tagged VLAN membership changes on AAA enabled ports will be applied immediately. |
Event ID: 4241 (Severity: Warning)
|
Message |
User <USERNAME> logout from <IP_ADDRESS> due to session killed by user for TELNET/WEBUI/SSH/CONSOLE session. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that a user has logged out from a session due to the session being killed by the user. |
Event ID: 4242 (Severity: Warning)
|
Message |
User <USERNAME> logout from <IP_ADDRESS> due to inactivity timer timeout for Telnet/WebUI/SSH/CONSOLE session |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that a user is logged out from a session due to inactivity timer timeout. |
Event ID: 4246
|
Message |
Hiding of sensitive data in standard secure mode <ENABLE/DISABLE>. |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates if the hide sensitive data is enabled/disabled in standard secure-mode. |
Event ID: 4247
|
Message |
user-based-lockout is <ENABLE/DISABLE>. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicated the user-based-lockout is enabled or disabled. |
Event ID: 4248
|
Message |
User: '<USER_NAME>': <MESSAGE> |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates the following : 1.front-panel-security display-in-config is enabled/disbaled. 2. Operator and Manager mode passwords are cleared by pressing the CLEAR button. |
Event ID: 4693 (Severity: Warning)
|
Message |
Authentication and authorization are configured with different methods. Command authorization may be skipped for some SSH/Telnet/WebUI/Console users. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
Image version mismatch with the peer. |
Event ID: 4694
|
Message |
Authentication and authorization are configured with the same method.Command authorization will be performed for all SSH/WebUI/Telent/CONSOLE users. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the authentication and authorization are configured to be same and command authorization will be performed for all users. |
Event ID: 4695
|
Message |
Command authorization method set to <LOCAL/RADIUS/TACACS>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configuration of the command authorization method. |
Event ID: 4926
|
Message |
The password configuration feature is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the status of the password configuration feature ( enable/disable). |
Event ID: 4927
|
Message |
The password aging feature is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the status of the password aging feature ( enable/disable). |
Event ID: 4928
|
Message |
The password history feature is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the status of the password history feature ( enable/disable). |
Event ID: 4929
|
Message |
Global password aging time is set to <TIME> days. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the password global aging time. |
Event ID: 4930
|
Message |
User <USERNAME> password aging time is set to <TIME> days. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the user password aging time. |
Event ID: 4931
|
Message |
Global password aging alert before expiry time is set to <TIME> days. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the password alert before expiry time. |
Event ID: 4932
|
Message |
Password expiry grace period configuration: LOGIN ATTEMPTS IS SET TO <GRACE_PERIOD_VALUE>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the password expiry grace period. |
Event ID: 4933
|
Message |
Minimum password update interval is set to <TIME> hours. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the minimum password update interval time. |
Event ID: 4934
|
Message |
Maximum password history record number is set to NUMBER. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the maximum password history record. |
Event ID: 4935
|
Message |
Display of last login user details by executing command 'show authentication last-login' is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the enable/disable the display of the last login user details by execution of the command " |
Event ID: 4936
|
Message |
The password complexity feature REPEAT USERNAME CHECK / REPEAT PASSWORD CHECK is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the configured value of the password complexity. |
Event ID: 4937
|
Message |
The password composition for character type ALPHABET/NUMBER/SPL_CHARACTERS is set to length of LENGTH. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs the length of the password composition for a particular character type (uppercase, lowercase, numbers and special characters). |
Event ID: 4938 (Severity: Warning)
|
Message |
User <USERNAME> denied access to the system; first time password change failed. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This event is logged when the user access is denied due to the failure in the first time password change. |
Event ID: 4939 (Severity: Warning)
|
Message |
User <USERNAME> password is about to expire in <EXPIRY_TIME> days; password change is required. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs as in how many days the password is about to expire and requires a change in password. |
Event ID: 4940 (Severity: Warning)
|
Message |
Password for user <USERNAME> has expired; password change is required; <NUMBER_OF_LOGIN_ATTEMPTS> login attempts left within <TIME> days. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log informs that the password for a user has expired and password update is required. This also informs as how many attempts and days are left for the user as grace period. |
Event ID: 4941 (Severity: Warning)
|
Message |
Password of user <USERNAME> expired; password update is required for the user to continue login. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log informs that the password for a user has expired and password update is required for the user to continue login. |
Event ID: 4942 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; an invalid old password is entered. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user has entered an invalid old password and hence the password change has failed. |
Event ID: 4943 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password does not meet the configured composition rule. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the password did not meet the configured composition rule. |
Event ID: 4944 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password should not contain the <USERNAME> or reverse of the <USERNAME>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the password contains username or the reverse of the username. |
Event ID: 4945 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password contains repetitive characters. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the password contains the repetitive characters. |
Event ID: 4946 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password is not differing from the previous password by at least 4 characters. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the entered password is not differing the previous one by atleast 4 characters. |
Event ID: 4947 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password has been used previously. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the entered password has been used previously. |
Event ID: 4948 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password can be updated only after the minimum update interval period. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the user password change has failed since the password can be updated only after the minimum update interval period. |
Event ID: 4949 (Severity: Warning)
|
Message |
User <USERNAME> password change failed; the password minimum <LENGTH> should be <LENGTH>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that password change has failed due the failure in minimum password length check. |
Event ID: 4950 (Severity: Warning)
|
Message |
History records cleared for <USERNAME> user. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that the history records are cleared for a user. |
Event ID: 4951 (Severity: Warning)
|
Message |
User <USERNAME> has logged in for the first time; password change is required. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This log event informs that password change is required since the user has logged in for the first time. |
Event ID: 4952
|
Message |
User <USER_NAME> password is modified. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that the user password has been modified. |
Event ID: 5354
|
Message |
lldp-bypass is enabled on port <PORT_ID>. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that lldp-bypass is enabled on the port <PORT_ID> for the port number |
Event ID: 5355
|
Message |
lldp-bypass is disabled on port <PORT_ID>. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that lldp-bypass is disabled on the port <PORT_ID> for the port number |
Event ID: 5381
|
Message |
The password non-plaintext-sha256 feature is <ENABLE/DISABLE>. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that non-plaintext-sha256 is enabled/disabled. The password non-plaintext-sha256 feature is <ENABLE/DISABLE>. |
Event ID: 5385
|
Message |
mac-pinning is <ENABLE/DISABLE> on port <PORT_NAME> for <LOCAL_MAC> authentication. |
|
Platforms |
KB, WB, WC, YA, YB |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that mac-pinning is enabled on the port. |
Event ID: 5503 (Severity: Warning)
|
Message |
<Configuration status of client authentication for SSH> |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This rmon event indicates the configuration status of client authentication for SSH |
Event ID: 5705
|
Message |
Critical auth <VLAN_NAME> is configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that critical auth vlan/user-role is de-configured on the port. |
Event ID: 5706
|
Message |
Critical auth <VLAN_NAME> is un-configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that critical auth vlan/user-role is de-configured on the port. |
Event ID: 5707
|
Message |
Open auth <VLAN_NAME> is configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that open auth vlan/user-role is configured on the port. |
Event ID: 5708
|
Message |
Open auth <VLAN_NAME> is un-configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that open auth vlan/user-role is de-configured on the port. |
Event ID: 5709
|
Message |
RADIUS dead-time infinite is enabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that authorizaton after cached reauthentication timeout, is enabled. |
Event ID: 5710
|
Message |
RADIUS dead-time infinite is disabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that authorizaton after cached reauthentication timeout, is disabled. |
Event ID: 5711
|
Message |
Authentication interval is set to <INTERVAL> seconds. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that Authentication interval is changed. |
Event ID: 5712
|
Message |
'cached-reauth authorized' configured : When re-authentication cache timer expires- clients will be authorized on a port without authentication process. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that authorizaton after cached reauthentication timeout, is enabled. |
Event ID: 5713
|
Message |
'cached-reauth authorized' un-configured : clients are not authorized on a port without authentication process. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that authorizaton after cached reauthentication timeout, is disabled |
Event ID: 5714
|
Message |
<8021x> client <CLIENT_NAME> is authorized on port <PORT_NAME>. Reason: cached re-authentication timer is expired. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that the client is authorized after cached reauthentication timeout |
Event ID: 5715
|
Message |
Initial role '<ROLE_NAME>' is configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that AAA user role on a port is configured |
Event ID: 5716
|
Message |
Initial role '<ROLE_NAME>' is un-configured on port <PORT_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that AAA user role on a port is un-configured |
Event ID: 5717 (Severity: Warning)
|
Message |
Cannot apply open-auth user-role <ROLE_NAME>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
Applying invalid user-role to open-auth. Example 1: Applying role which doesn't have any VLANs. Cannot apply open-auth user-role 'o-role' to the clients on port 5 as the user-role does not contain VLAN configurations. Example 2: Applying role which has a VLAN which is not present in switch. Cannot apply open-auth user-role 'o-role' to the clients on port 5 as VLAN10 is not configured. |
Event ID: 5718
|
Message |
RADIUS tracking dead servers only is enabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that Authentication dead servers only is enabled. |
Event ID: 5719
|
Message |
RADIUS tracking dead servers only is enabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that Authentication dead servers only is disabled. |
Event ID: 5720
|
Message |
RADIUS tracking request packet count is set to |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that Authentication max number of request packet count on retry is changed. |
Event ID: 5721
|
Message |
RADIUS tracking password modified. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicates that Authentication password is changed. |
Event ID: 5727
|
Message |
Authentication order is <ENABLE/DISABLE> on port <PORT_NAME>. |
|
Platforms |
KB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Status of Authentication order on a port. |
Event ID: 5728
|
Message |
Authentication order fallback is <ENABLE/DISABLE> on port <PORT_NAME>. |
|
Platforms |
KB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Status of Authentication order fallback on a port. |
Event ID: 5729
|
Message |
Authentication priority is <ENABLE/DISABLE> on port <PORT_NAME>. |
|
Platforms |
KB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Status of Authentication priority on a port. |
Event ID: 5756
|
Message |
console-lockout is <ENABLED/DISABLED>. |
|
Platforms |
KB, WB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This rmon event indicated the console-lockout is enabled/disbaled. |
Event ID: 5765
|
Message |
User <USER_NAME>: <URI_MESSAGE> |
|
Platforms |
KB, WC, YC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This log event informs that a REST user account executed an URI which had authorization. |
Event ID: 5786 (Severity: Warning)
|
Message |
The command 'port-security <PORT_NAME> mac-address <MAC_ADDR_STR> is deleted from the configuration since the MAC address is same as switch MAC address. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This rmon log event informs that user invalid port-security mac-address configuration is deleted. |
Event ID: 5815 (Severity: Warning)
|
Message |
The user name <USER_NAME>..' of length <USER_LENGTH> characters has exceeded the maximumallowable length of 64 characters. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This rmon log event informs that user name exceeds 64 |
Event ID: 5825
|
Message |
User '<USER_NAME>':Minimum like character position check value is set to <AUTH_PWD_CHAR_CHECK_VALUE>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Minimum like character position check value is set for user. |
Event ID: 5826
|
Message |
User <USER_NAME> password cannot be changed since the like character position check failed. Minimum expected like character position change count is <PWD_POS_CHECK>. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Username and password cannot be changed since the like character position check failed. |
Event ID: 5827
|
Message |
User '<USER_NAME>':Password like character position check is disabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Username and Password like character position check is disabled. |
Event ID: 5828
|
Message |
User '<USER_NAME>': The period for tracking the successful login attempts is set to <LOGIN_ATTEMPTS> days. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This RMON log event logs the period configured for tracking the number of user's successful login attempts. |
Event ID: 5829
|
Message |
User '<USER_NAME>':The tracking of successful login attempts has been disabled. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
Informs that successful login tracking is disabled and flash file is cleared. |
Event ID: 5830
|
Message |
User successful login file content is cleared. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This RMON log event informs that successful login file is cleared. |
Event ID: 5831 (Severity: Fatal)
|
Message |
User Success login file access error. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Fatal |
|
Description |
Unexpected error returned from file access function (should never occur, and asserts in QA mode). |
Event ID: 5832 (Severity: Warning)
|
Message |
Recreating the user successful login file since the previousfile is corrupt or incompatible. |
|
Platforms |
KB, WC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
Recreates success login file, when corrupt or incompatible. |
Event ID: 5840
|
Message |
Unable to establish TLS session with RADIUS server |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This RMON event indicates that the TLS session is not able to establish with RADIUS server. |
Event ID: 5841
|
Message |
TLS session timed out with RADIUS server |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Information |
|
Description |
This RMON event indicates that the TLS session is timed-out with RADIUS server. |
Event ID: 5842 (Severity: Warning)
|
Message |
Firmware downgrade is not allowed when radius-server host with tls is configured. Please delete radius-server host IPv4/fqdn with tls manually to continue the downgrade. |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This RMON indicates that firmware downgrade with radius-server host with tls configuration is not allowed unless the configuration is removed. |
Event ID: 5843 (Severity: Warning)
|
Message |
Firmware downgrade is not allowed when ip source-interface for radsec is configured. Please delete ip source-interface for radsec manually to continue the downgrade. |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This RMON indicates that firmware downgrade with ip source-interface for radsec configuration is not allowed unless the configuration is removed. |
Event ID: 5844 (Severity: Warning)
|
Message |
Firmware downgrade is not allowed when lowest tls version for radsec is configured. Please delete lowest tls version for radsec manually to continue the downgrade. |
|
Platforms |
KB, WB, WC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This RMON indicates that firmware downgrade with lowest tls version for radsec configuration is not allowed unless the configuration is removed. |
Event ID: 5940 (Severity: Warning)
|
Message |
The maximum limit of authentication packets reached for PEAP-MSCHAPv2 session. Authentication aborted for client <MAC_ADDR>/ user <USER_NAME>. |
|
Platforms |
KB, WB, WC, YA, YB, YC |
|
Category |
Authentication |
|
Severity |
Warning |
|
Description |
This RMON indicates that the PEAP-MSCHAPv2 session is aborted as the number of authentication packets reached the maximum limit for the session. |
