Authentication failure, Authentication failure -3 – Alcatel Carrier Internetworking Solutions 6648 User Manual


Troubleshooting Authenticated VLANs

Troubleshooting AVLAN

OmniSwitch Troubleshooting Guide

September 2005

page 18-3

192.168.10.100 00:c0:4f:0c:3a:e4 DYNAMIC 1/21 vlan 2

There are a couple of other things you can verify on the DHCP server itself:

The router IP address is set to the IP address of one of the authenticated VLANs in the switch.

An address pool must be created in order to assign the DHCP IP address.

Authentication Failure

If the client (PC-1) cannot successfully complete authentication, the cause could be a wrong
configuration in the switch, a communication failure, or a misconfigured RADIUS server.

Use the command:

-> show aaa server

1 Verify that the correct IP address of the RADIUS server has been entered. The Authentication port and
Accounting port must match the RADIUS server’s port configuration.

To verify the port configuration on the RADIUS server, open the radius.ini file in Notepad and check for
the entries below.

[Ports]

UDPAuthPort = 1812

UDPAcctPort = 1813

You can also use UDPAuthPort = 1645 and UDPAcctPort = 1646 if you want; these ports are acceptable and
are based on the old RFC. Whichever ports are used, they must be the same on both the switch and the server.

An example of the show aaa server CLI command is shown below:

-> show aaa server
Server name = rad-1
Server type = RADIUS,
IP Address 1 = 192.168.10.100,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1812,
Accounting port = 1813

To modify any of the above fields, use the aaa radius-server CLI command. For a detailed reference on how
to set these parameters, read the “Managing Authentication Servers” and the “Configuring Authenticated
VLANs” chapters in the appropriate OmniSwitch Network Configuration Guide.

2 Ping the RADIUS server to verify connectivity. If the server doesn’t respond, fix the connectivity
issue first and then troubleshoot the authentication configuration.

3 You can also verify the MAC address table and ARP table entries.

-> show mac-address-table

The MAC address table confirms that the switch has learned the MAC address of the RADIUS server.
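
The port comparison from step 1, as an added example that is not part of the original manual: a Python sketch that parses saved show aaa server output and the [Ports] section of radius.ini and reports any mismatch between switch and server. The sample inputs are constructed in the formats shown above, and the function names are illustrative.

```python
import configparser
import re

# Constructed samples in the formats shown on this page (not captured output).
SWITCH_OUTPUT = """\
-> show aaa server
Server name = rad-1
Server type = RADIUS,
IP Address 1 = 192.168.10.100,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1812,
Accounting port = 1813
"""
# Server left on the older port pair while the switch uses 1812/1813.
RADIUS_INI = "[Ports]\nUDPAuthPort = 1645\nUDPAcctPort = 1646\n"


def parse_switch(text):
    """Parse 'key = value,' lines of show aaa server output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=]+?)\s*=\s*(.*?),?\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def parse_ini_ports(text):
    """Return (auth_port, acct_port) from the [Ports] section of radius.ini."""
    ini = configparser.ConfigParser()
    ini.read_string(text)
    return ini.getint("Ports", "UDPAuthPort"), ini.getint("Ports", "UDPAcctPort")


def check_ports(switch_text, ini_text):
    """Return a list of mismatch descriptions; empty means the ports agree."""
    sw = parse_switch(switch_text)
    srv_auth, srv_acct = parse_ini_ports(ini_text)
    problems = []
    for key, srv_port in (("authentication port", srv_auth),
                          ("accounting port", srv_acct)):
        if key not in sw:
            problems.append(f"{key}: missing from switch output")
        elif int(sw[key]) != srv_port:
            problems.append(f"{key}: switch={sw[key]} server={srv_port}")
    return problems


if __name__ == "__main__":
    for problem in check_ports(SWITCH_OUTPUT, RADIUS_INI) or ["ports match"]:
        print(problem)
```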
