A trunked port configured for 802.1x is blocked, Radius-related problems – HP 2600 User Manual


Troubleshooting
Unusual Network Activity

Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port-access authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.1X configuration on the RADIUS server are not blocking the link.

The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator < port-list > initialize.

If the port is force-authorized with the aaa port-access authenticator < port-list > control authorized command and port security is enabled on the port, then executing initialize causes the port to clear the learned address and learn a new address from the first packet it receives after you execute initialize.

A trunked port configured for 802.1X is blocked.

If you are using RADIUS authentication and the RADIUS server specifies a VLAN for the port, the switch allows authentication, but blocks the port. To eliminate this problem, either remove the port from the trunk or reconfigure the RADIUS server to avoid specifying a VLAN.

Radius-Related Problems

The switch does not receive a response to RADIUS authentication requests.

In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH).

There can be several reasons for not receiving a response to an authentication request. Do the following:

Use ping to ensure that the switch has access to the configured RADIUS server.

Verify that the switch is using the correct encryption key for the designated server.

Verify that the switch has the correct IP address for the RADIUS server.

Ensure that the radius-server timeout period is long enough for network conditions.

Verify that the switch is using the same UDP port number as the server.
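The encryption-key check in the list above can be done offline against a captured reply. The following is an added example, not taken from the HP manual: it recomputes the RFC 2865 Response Authenticator to show why a key mismatch looks like "no response" (a client that follows RFC 2865 drops a reply whose authenticator does not verify; that this switch does so is an assumption). The keys, identifier and packet bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

CODES = {2: "access-accept", 3: "access-reject", 11: "access-challenge"}

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    # What a server holding `secret` would send back (used for the sample only).
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def check_reply(packet, ident, request_auth, secret):
    """Judge a reply the way a RADIUS client configured with `secret` would."""
    if len(packet) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "malformed"
    if rid != ident:
        return "id-mismatch"
    attrs = packet[20:length]
    expected = response_authenticator(code, rid, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad-authenticator"   # reply is dropped: key mismatch
    return CODES.get(code, "unknown-code")

# Constructed sample: the server and the switch hold different keys.
SERVER_KEY = b"server-side-key"
SWITCH_KEY = b"switch-side-key"
REQUEST_AUTH = bytes(range(16))            # authenticator from the request
msg = b"denied"
REPLY_ATTRS = bytes([18, 2 + len(msg)]) + msg   # Reply-Message (type 18)
REPLY = build_reply(3, 7, REPLY_ATTRS, REQUEST_AUTH, SERVER_KEY)

if __name__ == "__main__":
    for name, key in (("server key", SERVER_KEY), ("switch key", SWITCH_KEY)):
        print(name, "->", check_reply(REPLY, 7, REQUEST_AUTH, key))
```

A "bad-authenticator" verdict on a reply that ping and the IP address check say should arrive points at the key rather than at the network path or the timeout.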

RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

Use show radius to verify that the encryption key the switch is using is correct for the server being contacted. If the switch has only a global key configured, then
