Troubleshooting guide
3. Troubleshooting Functional Failures During Operation
51
No. Items to check and commands Action
4 Execute the show dot1x
statistics operation
command, and make sure
packets have been received from
the RADIUS server.
If the value displayed for RxTotal under [EAPoverRADIUS
frames] is 0, packets have not been received from the RADIUS
server. Check the following:
If the RADIUS server is associated with the remote network,
make sure a route to the remote network exists.
Make sure the ports on the RADIUS server are not subject to
authentication.
For other cases, go to No. 5.
5 Execute the show dot1x
logging operation command,
and check data exchange with
the RADIUS server.
If Invalid EAP over RADIUS frames received is
displayed, invalid packets were received from the RADIUS
server. Check whether the RADIUS server is running normally.
If Failed to connect to RADIUS server is displayed, an
attempt to establish a connection with the RADIUS server has
failed. Check whether the RADIUS server is running normally.
For other cases, go to No. 6.
6 Execute the show dot1x
logging operation command,
and check whether
authentication failed.
If "RADIUS authentication failed" is displayed
Authentication failed for either of the following reasons. Check
for problems.
(1) The user ID or password has not been registered on the
authentication server.
The user ID or password is entered incorrectly.
If The number of supplicants on the switch is full
is displayed:
Authentication failed because the maximum number of
supplicants for the device was exceeded.
If The number of supplicants on the interface is
full is displayed:
Authentication failed because the maximum number of
supplicants for the interface was exceeded.
If Failed to authenticate the supplicant because
it could not be registered to mac-address-table.
is displayed:
Authentication was successful, but an attempt to set the MAC
address table for the hardware failed.
See the appropriate location in the Message Log Reference,
and take the action described in Action.
If the authentication mode is set to VLAN-based authentication
(dynamic) and Failed to assign VLAN. is displayed:
Authentication by the RADIUS server was successful, but VLAN
allocation failed.
If Failed to authenticate the supplicant because
it could not be registered to MAC VLAN. is displayed:
Authentication was successful, but an attempt to set the MAC
VLAN table for the hardware failed.
See the appropriate location in the Message Log Reference,
and take the action described in Action.
If none of the above apply and the authentication mode is set to
port-based authentication (dynamic) or VLAN-based
authentication (dynamic), go to No. 7. For all other cases, see
the RADIUS server log to check whether authentication failed.