Non-EAP is not a member of a VLAN
If no VLAN is pre-existing on the port, authentication cannot happen because a RADIUS
request has not been sent by the switch. NEAP authentication will not occur for a port with no
VLAN, but an EAP client on a similarly configured port can be authenticated.
Limitations
• Verify a port with Non-EAP authentication is assigned to at least one VLAN at all times.
• If Non-EAP is not member of a VLAN:
- Enable Non-EAP authentication on a port that isn't in a VLAN.
- The port already has Non-EAP authentication enabled, but you want to remove it
from all vlans.
In both cases, the port is added to vlan 1.
• The feature will not take action if vlan 1 and the previous vlan are in different stages.
Non-EAP freeform password
When you configure the RADIUS password, you can also use the following commands:
• show eapol multihost non-eap-pwd-fmt—this command shows the password
fields and padding.
• show eapol multihost non-eap-pwd-fmt key—this command prints the key
used. The password is printed in cleartext only when password security is not enabled.
Otherwise, the password is printed as a string of asterisks.
Using Trace
Use trace to observe the status of a software module at a given time. Follow the steps in
Configuring System Monitoring on Avaya Ethernet Routing Switch 4000 Series
NN47205-502.
Note:
If the trace level is set to a higher level (3 or above), a large number of messages are
displayed in CLI. This may cause subsequent commands to not be displayed properly, and
the actions of those commands may be executed with a slight delay.
Non-EAP is not a member of a VLAN
Troubleshooting Avaya ERS 4000 Series April 2014 159
To Next Page
Loading...
