Troubleshooting guide
3. Troubleshooting Functional Failures During Operation
No. Items to check and commands Action
(Reason: Invalid Tunnel-Private-Group-ID Attribute)
For port-based authentication (dynamic) and VLAN-based authentication (dynamic):
Dynamic allocation has failed because an invalid value is set for the Tunnel-Private-Group-ID RADIUS attribute.
Set the correct VLAN ID for the Tunnel-Private-Group-ID RADIUS attribute on the RADIUS server.
If a VLAN name has been registered on the RADIUS server, make sure the target VLAN name matches the VLAN name specified in the name configuration command (#2).
(Reason: The port doesn't belong to VLAN)
For port-based authentication (dynamic):
Dynamic allocation has failed because the authentication port does not belong to the VLAN ID specified for the Tunnel-Private-Group-ID RADIUS attribute.
Correct the configuration so that the VLAN ID specified for the Tunnel-Private-Group-ID RADIUS attribute on the RADIUS server matches the VLAN ID of the authenticating port specified by using the switchport mac vlan configuration command (#1).
If a VLAN name has been registered on the RADIUS server, make sure the target VLAN name matches the VLAN name specified in the name configuration command (#2).
(Reason: The VLAN ID is not set to radius-vlan)
For VLAN-based authentication (dynamic):
The VLAN ID specified for the Tunnel-Private-Group-ID RADIUS attribute on the RADIUS server is not enabled for VLAN-based authentication (dynamic).
Correct the configuration so that the VLAN ID specified for the Tunnel-Private-Group-ID RADIUS attribute on the RADIUS server matches the VLAN ID specified by the dot1x vlan dynamic radius-vlan configuration command for VLAN-based authentication (dynamic).
If a VLAN name has been registered on the RADIUS server, make sure the target VLAN name matches the VLAN name specified in the name configuration command (#2).
If none of the above apply, see the RADIUS server log to check whether authentication has failed.
8 If authentication linked with the NAP quarantine system cannot be performed in port-based authentication (static) mode, check the setting of the authentication IPv4 access list.
For port-based authentication (static):
Make sure access permission for the quarantine server is set in the authentication IPv4 access list.
Correct the configuration so that the Filter-ID value specified for the RADIUS attribute of the RADIUS server matches the authentication IPv4 access list name for the Switch.
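
The three dynamic-allocation failure reasons above can be modelled as a check to run against a planned RADIUS reply before deployment. This is an added example, not vendor code or the Switch's own logic. The function names, the mode strings, and the assumption that the attribute value is either a decimal VLAN ID or a registered VLAN name are hypothetical.

```python
# Added example: models the three checks in the table above; it is not the
# Switch's firmware logic. Accepted value formats are an assumption.

def resolve_vlan(value, vlan_names):
    """Map a Tunnel-Private-Group-ID string to a VLAN ID, or None if invalid.

    Assumption: the value is a decimal VLAN ID (1-4094) or a VLAN name that
    was registered with the name configuration command (vlan_names).
    """
    value = value.strip()
    if value.isascii() and value.isdigit():
        vid = int(value)
        return vid if 1 <= vid <= 4094 else None
    return vlan_names.get(value)  # exact, case-sensitive match (assumption)


def diagnose(value, mode, *, mac_vlans=None, mac_based_vlans=(),
             radius_vlans=(), vlan_names=None):
    """Return the failure reason from the guide, or None if the checks pass.

    mode            "port-dynamic" or "vlan-dynamic" (hypothetical labels)
    mac_vlans       VLAN IDs from switchport mac vlan on the port, or None
    mac_based_vlans VLAN IDs created by vlan with "mac-based" (footnote #1)
    radius_vlans    VLAN IDs from dot1x vlan dynamic radius-vlan
    vlan_names      {name: VLAN ID} from the name configuration command
    """
    vid = resolve_vlan(value, vlan_names or {})
    if vid is None:
        return "Invalid Tunnel-Private-Group-ID Attribute"
    if mode == "port-dynamic":
        # Footnote #1: without switchport mac vlan, check the mac-based VLANs.
        allowed = mac_based_vlans if mac_vlans is None else mac_vlans
        if vid not in allowed:
            return "The port doesn't belong to VLAN"
    elif mode == "vlan-dynamic":
        if vid not in radius_vlans:
            return "The VLAN ID is not set to radius-vlan"
    else:
        raise ValueError(f"unknown mode: {mode}")
    return None


# Constructed sample configuration, not taken from a real switch.
NAMES = {"staff": 100, "guest": 200}
if __name__ == "__main__":
    for v in ("100", "guest", "Staff", "4095", "300"):
        print(v, "->", diagnose(v, "port-dynamic", mac_vlans={100}, vlan_names=NAMES))
```
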
#1 If the switchport mac vlan configuration command has not been set, check whether the VLAN ID for the RADIUS server has been set using the vlan configuration command with "mac-based" specified.
#2 Be careful of the following when using a VLAN name configured using the name configuration command