12 debug dot1x fsm, 2 802.1x troubleshooting – Amer Networks SS2R48G4i V2 User Manual

SS2R24G4i/SS2R48G4i

Command Mode

Admin Mode

Parameters

pkt-send represents the details of sending packets; pkt-receive represents the details of receiving packets; internal represents internal details; userbased represents the user-based information; all represents all the detailed information; <InterfaceName> is the name of the interface.

14.4.1.12 debug dot1x fsm

Command

debug dot1x fsm {asm|aksm|ratsm|basm|all} interface {[ethernet] <InterfaceName>}

no debug dot1x fsm {asm|aksm|ratsm|basm|all} interface {[ethernet] <InterfaceName>}

Function

Enable the finite state machine debug information of dot1x; the “no debug dot1x fsm {asm|aksm|ratsm|basm|all} interface {[ethernet] <InterfaceName>}” command disables the finite state machine debug information of dot1x.

Command Mode

Admin Mode

Parameters

asm represents the authenticator state machine information; aksm represents the authenticator key transmission state machine state; ratsm represents the reauthentication timer state machine information; basm represents the background authentication state machine information; all represents all the state machine information; <InterfaceName> is the name of the interface.

14.4.2 802.1x Troubleshooting

It is possible that 802.1x is configured on ports and 802.1x authentication is set to auto, but the switch cannot reach the authenticated state after the user runs the 802.1x supplicant software. Here are some possible causes and solutions:

• If 802.1x cannot be enabled for a port, make sure the port is not running Spanning Tree or MAC binding, and is not configured as a Trunk port or for port aggregation. To enable 802.1x authentication, the above functions must be disabled.

• If the switch is configured properly but authentication still fails, verify connectivity between the switch and the RADIUS server and between the switch and the 802.1x client, and check the port and VLAN configuration of the switch.

• Check the event log on the RADIUS server for possible causes. The event log records not only unsuccessful logins but also the reasons for them. If the event log indicates a wrong authenticator password, the radius-server key parameter should be modified; if the event log indicates no such authenticator, the authenticator needs to be added to the RADIUS server; if the event log indicates no such login user, the user login ID and password may be wrong and should be verified and entered again.

• If the access mode of a port is userbased advanced and a static user is configured on the RADIUS server but is not issued to the switch, first check whether the RADIUS server is configured correctly using the command “ip user helper addres”, then check whether the RADIUS server has configured a static user on the port, and finally check the issuing of the static user using the command “show dot1x interface”.
