Troubleshooting with the cli, Troubleshooting with the cli -2 – Alcatel Carrier Internetworking Solutions 6648 User Manual

Page 316

Advertising
background image

Troubleshooting with the CLI

Troubleshooting 802.1X

page 19-2

OmniSwitch Troubleshooting Guide

September 2005

Troubleshooting with the CLI

1

Make sure the Radius and Accounting ports are configured the same on both switch and Radius Server.

The default on the Radius Server can be either 1645/1812 for Radius and 1646/1813 for the Accounting.

Layer-2: show aaa server
Server name = rad1
Server type = RADIUS,
IP Address 1 = 133.2.253.1,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1645,

Accounting port = 1646

2

Verify the port is configured for 802.1x authentication.

Layer-2: show vlan port mobile

cfg ignore
port mobile def authent enabled restore bpdu
-------+--------+----+--------+---------+---------+-------
2/1 on 1 on-avlan on on on
2/2 on 1 on-avlan on on on
2/3 on 1 on-8021x on on on
2/4 on 1 on-8021x on on on

3

Check the physical status and VLAN assignment of the port.

Layer-2: show vlan port 2/3
vlan type status
--------+---------+--------------
1 default forwarding
101 mobile forwarding

4

Check the status of the MAC address table on the 802.1x port.

Layer-2: show mac-address-table 2/3
Legend: Mac Address: * = address not valid

Vlan Mac Address Type Protocol Operation Interface
------+-------------------+--------------+-----------+------------+-----------
101 00:0f:1f:d5:54:95 learned 10800 bridging 2/3
Total number of Valid MAC addresses above = 1

5

If a user can not move to VLAN-X after authentication, it could mean that authentication is disabled on

that VLAN, or that the Radius server didn't return a specific VLAN number in the return list attribute.
Please verify that the server is configured properly with the correct return list attribute type as explained in
the user guide. To move a user into a specific VLAN, Radius server has to return the attribute "Alcatel-
Auth-Group" with a valid Authenticated VLAN number.

Layer-2: show vlan 101
Name : bungaku,
Administrative State: enabled,
Operational State : enabled,
Spanning Tree State : disabled,

Advertising
This manual is related to the following products:

8800, 6624, 7800, 7700

Popular Brands
Popular manuals