Alcatel Carrier Internetworking Solutions 6648 User Manual

Page 302

Troubleshooting AVLAN

Troubleshooting Authenticated VLANs

page 18-4

OmniSwitch Troubleshooting Guide

September 2005

-> show mac-address-table
Legend: Mac Address: * = address not valid

 Vlan      Mac Address          Type       Protocol    Operation    Interface
------+-------------------+--------------+-----------+------------+-----------
   2     00:c0:4f:0c:3a:e4     learned          0        bridging      1/21
Total number of Valid MAC addresses above = 1

Now verify that the gateway defined on the RADIUS server points to the right IP address. The ARP table
confirms that the switch has learned the ARP entry of the RADIUS server. Verify that the IP address of
the RADIUS server has been learned in the correct VLAN and on the port to which the server is attached.

-> show arp

Total 1 arp entries

Flags (P=Proxy, A=Authentication, V=VRRP)

     IP Addr         Hardware Addr       Type     Flags    Port     Interface
-----------------+-------------------+----------+-------+--------+-----------
 192.168.10.100    00:c0:4f:0c:3a:e4   DYNAMIC             1/21     vlan 2

4 Verify that the authentication shared secret on the RADIUS server and on the switch (the RADIUS client)
is the same. For security reasons, there is no show command to display the authentication shared secret
on the switch. The only way to verify it is to re-enter the shared secret using the aaa radius-server
CLI command.

5 If everything has checked out so far and the RADIUS server is still rejecting the user request, verify
the user configuration on the RADIUS server to make sure the user is using the correct user name and
password. Read the “Managing Authentication Servers” chapter in the appropriate OmniSwitch Network
Configuration Guide for detailed information about RADIUS server attributes and configuration. Check the
log file on the RADIUS server for more information.
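
The ARP and MAC table verification in the steps above can be scripted. This Python sketch is an added example, not part of the Alcatel guide: it parses the two outputs shown on this page and reports whether the RADIUS server's IP address was learned on the expected VLAN and port. The function names are hypothetical, and the expected values (VLAN 2, port 1/21) are taken from the sample output.

```python
import re

# Data rows copied from the switch output shown on this page.
MAC_TABLE = "   2     00:c0:4f:0c:3a:e4     learned     0     bridging     1/21\n"
ARP_TABLE = " 192.168.10.100    00:c0:4f:0c:3a:e4   DYNAMIC     1/21     vlan 2\n"

_MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Columns: vlan, mac, type, protocol, operation, slot/port
MAC_ROW = re.compile(rf"(\d+)\s+({_MAC})\s+\S+\s+\S+\s+\S+\s+(\d+/\d+)", re.I)
# Columns: ip, mac, type, optional flags (P/A/V), slot/port, "vlan N"
ARP_ROW = re.compile(
    rf"(\d+(?:\.\d+){{3}})\s+({_MAC})\s+\S+\s+(?:[PAV]+\s+)?(\d+/\d+)\s+vlan\s+(\d+)", re.I)

def parse_mac_table(text):
    """Map each MAC to the set of (vlan, port) pairs it was learned on."""
    seen = {}
    for line in text.splitlines():
        m = MAC_ROW.fullmatch(line.strip())  # headers and totals do not match
        if m:
            seen.setdefault(m.group(2).lower(), set()).add((int(m.group(1)), m.group(3)))
    return seen

def parse_arp(text):
    """Map each IP address to (mac, vlan, port)."""
    out = {}
    for line in text.splitlines():
        m = ARP_ROW.fullmatch(line.strip())
        if m:
            out[m.group(1)] = (m.group(2).lower(), int(m.group(4)), m.group(3))
    return out

def check_radius_path(arp_text, mac_text, server_ip, vlan, port):
    """Return a list of findings; an empty list means every check passed."""
    entry = parse_arp(arp_text).get(server_ip)
    if entry is None:
        return [f"no ARP entry for {server_ip}"]
    mac, arp_vlan, arp_port = entry
    findings = []
    if (arp_vlan, arp_port) != (vlan, port):
        findings.append(f"ARP places {server_ip} on vlan {arp_vlan} port {arp_port}")
    learned = parse_mac_table(mac_text).get(mac, set())
    if (vlan, port) not in learned:
        findings.append(f"{mac} not learned on vlan {vlan} port {port}")
    if len(learned) > 1:  # same MAC seen in several places: worth a closer look
        findings.append(f"{mac} learned in {len(learned)} places: {sorted(learned)}")
    return findings

if __name__ == "__main__":
    print(check_radius_path(ARP_TABLE, MAC_TABLE, "192.168.10.100", 2, "1/21") or "OK")
```
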

Problem Communicating Using Multiple Protocols Simultaneously

If a client can’t communicate with the remote station in the Authenticated VLAN using multiple protocols
simultaneously, check for the possible configuration mistakes below.

Let’s take the example of a user who is trying to communicate with the target machine using both IP and IPX.
The communication might fail for one or more of the reasons covered in the following steps.

1 If the client can’t communicate using either IP or IPX, troubleshoot the basic authentication issues
using the procedures described in “DHCP Request Failure” on page 18-2 and “Authentication Failure” on
page 18-3, explained earlier in this chapter.

2 If authentication works using IP but not IPX, troubleshoot the RADIUS server as explained in the next
steps.

3 Locate the Alcatel.dct file under the RADIUS installation folder on the RADIUS server. Open this file
using Notepad and look for the ATTRIBUTE “Alcatel-Auth-Group-Protocol”. If you don’t see this attribute,
contact Alcatel Customer Support to get the latest Alcatel.dct (Alcatel Dictionary) file, and replace
the existing file with the new one.

4 Once the new file is in place, make sure you associate multiple protocols with the Authenticated VLAN
that the user is moving into. Refer to the “Managing Authentication Servers” chapter in the appropriate
OmniSwitch Network Configuration Guide for Vendor-Specific Attributes for RADIUS.
