Security | 491Figure 28-6. Failed AuthenticationMonitor TACACS+To view information on TACACS+ transactions, use the following command in EXEC Privilege mode:TACACS+ Remote Authentication and AuthorizationFTOS takes the access class from the TACACS+ server. Access class is the class of service that restrictsTelnet access and packet sizes. If you have configured remote authorization, FTOS ignores the access classyou have configured for the VTY line. FTOS instead gets this access class information from theTACACS+ server. FTOS needs to know the username and password of the incoming user before it canfetch the access class from the server. A user, therefore, at least sees the login prompt. If the access classdenies the connection, FTOS closes the Telnet session immediately.Command Syntax Command Mode Purposedebug tacacs+ EXEC Privilege View TACACS+ transactions to troubleshootproblems.FTOS(conf)#FTOS(conf)#do show run aaa!aaa authentication enable default tacacs+ enableaaa authentication enable LOCAL enable tacacs+aaa authentication login default tacacs+ localaaa authentication login LOCAL local tacacs+aaa authorization exec default tacacs+ noneaaa authorization commands 1 default tacacs+ noneaaa authorization commands 15 default tacacs+ noneaaa accounting exec default start-stop tacacs+aaa accounting commands 1 default start-stop tacacs+aaa accounting commands 15 default start-stop tacacs+FTOS(conf)#FTOS(conf)#do show run tacacs+!tacacs-server key 7 d05206c308f4d35btacacs-server host 10.10.10.10 timeout 1FTOS(conf)#tacacs-server key angelineFTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0(10.11.9.209)%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authenticationsuccess on vty0 ( 10.11.9.209 )%RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0(10.11.9.209)FTOS(conf)#username angeline password angelineFTOS(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline onvty0 (10.11.9.209)%RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authenticationsuccess on vty0 ( 10.11.9.209 )Server key purposely changed to incorrect valueUser authenticated using secondary method