Retransmit Attempts : 3
Global Encryption Key : My-Global-Key
Dynamic Authorization UDP Port : 3799
Auth Acct DM/ Time
Server IP Addr Port Port CoA Window Encryption Key
--------------- ---- ---- --- ------ ---------------
10.33.18.119 1812 1813 119-only-key
Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on
that port. For example, show port-access authenticator <port-list> gives you the status for the
specified ports. Also, ensure that other factors, such as port security or any 802.1X configuration on the RADIUS
server are not blocking the link.
The authorized MAC address on a port that is configured for both 802.1X and port
security either changes or is re-acquired after execution of aaa port-access
authenticator <port-list> initialize
If the port is force-authorized with aaa port-access authenticator <port-list> control
authorized command and port security is enabled on the port, then executing initialize causes the port to
clear the learned address and learn a new address from the first packet it receives after you execute
initialize.
A trunked port configured for 802.1X is blocked
If you are using RADIUS authentication and the RADIUS server specifies a VLAN for the port, the switch allows
authentication, but blocks the port. To eliminate this problem, either remove the port from the trunk or reconfigure
the RADIUS server to avoid specifying a VLAN.
QoS-related problems
Loss of communication when using VLAN-tagged traffic
If you cannot communicate with a device in a tagged VLAN environment, ensure that the device either supports
VLAN tagged traffic or is connected to a VLAN port that is configured as Untagged.
Radius-related problems
The switch does not receive a response to RADIUS authentication requests
In this case, the switch attempts authentication using the secondary method configured for the type of access you
are using (console, Telnet, or SSH).
There can be several reasons for not receiving a response to an authentication request. Do the following:
• Use ping to ensure that the switch has access to the configured RADIUS server.
• Verify that the switch is using the correct encryption key for the designated server.
• Verify that the switch has the correct IP address for the RADIUS server.
• Ensure that the radius-server timeout period is long enough for network conditions.
• Verify that the switch is using the same UDP port number as the server.
Chapter 13 Troubleshooting 467
To Next Page
Loading...
Need help?
General