HP 2600 User Manual

Page 362

Advertising
background image

Troubleshooting
Unusual Network Activity

Ensure that the

radius-server timeout period is long enough for network

conditions.

The switch does not authenticate a client even though the RADIUS
server is properly configured and providing a response to the
authentication request.

If the RADIUS server configuration for authenti­

cating the client includes a VLAN assignment, ensure that the VLAN exists as
a static VLAN on the switch. See “How 802.1X Authentication Affects VLAN
Operation” in the Access Security Guide for your switch.

During RADIUS-authenticated client sessions, access to a VLAN on the
port used for the client sessions is lost.

If the affected VLAN is config­

ured as untagged on the port, it may be temporarily blocked on that port during
an 802.1X session. This is because the switch has temporarily assigned another
VLAN as untagged on the port to support the client access, as specified in the
response from the RADIUS server. See “How 802.1X Authentication Affects
VLAN Operation” in the Access Security Guide for your switch.

The switch appears to be properly configured as a supplicant, but
cannot gain access to the intended authenticator port on the switch
to which it is connected.

If

aaa authentication port-access is configured for

Local, ensure that you have entered the local login (operator-level) username
and password of the authenticator switch into the

identity and secret parame­

ters of the supplicant configuration. If instead, you enter the enable (manager-
level) username and password, access will be denied.

The supplicant statistics listing shows multiple ports with the same
authenticator MAC address.

The link to the authenticator may have been

moved from one port to another without the supplicant statistics having been
cleared from the first port. Refer to the “Note on Supplicant Statistics” in the
Access Security Guide

for your switch.

The

show port-access authenticator < port-list > command shows one or more

ports remain open after they have been configured with

control

unauthorized. 802.1X is not active on the switch. After you execute aaa port-
access authenticator active, all ports configured with control unauthorized
should be listed as

Closed.

C-12

Advertising
This manual is related to the following products:

2600-PWR

Popular Brands
Popular manuals