Troubleshooting guide

3. Troubleshooting Functional Failures During Operation

If the switchport mac vlan configuration command has not been set, check whether the VLAN ID

for the RADIUS server has been set using the

vlan configuration command with mac-based

specified.

Be careful of the following when using a VLAN name configured using the name configuration command

as a VLAN after RADIUS authentication.



Specify a unique VLAN name. If the same VLAN name is used for two or more VLANs, the

smallest VLAN ID is allocated as the post-authentication VLAN in RADIUS authentication mode.

 Do not specify a number at the beginning of the VLAN name. A number at the

beginning will be recognized as the VLAN ID, which might result in an

authentication failure.

Check the following for the configuration related to MAC-based authentication.

Table 3-30 Checking the configuration of MAC-based authentication

No. Items to check and commands Action

1 MAC-based authentication

configuration

Make sure the following configuration commands have been set

correctly.

Common to MAC-based authentication

 aaa authentication mac-authentication default

group radius

 mac-authentication access-group

 mac-authentication auto-logout

 mac-authentication id-format

 mac-authentication interface

 mac-authentication max-timer

 mac-authentication password

 mac-authentication system-auth-control

[Fixed VLAN mode]

 mac-authentication port

 mac-authentication static-vlan max-user

 mac-authentication vlan-check

 authentication arp-relay

 authentication ip access-group

[Dynamic VLAN mode]

 mac-authentication port

 mac-authentication max-user

 authentication arp-relay

 authentication ip access-group

[Legacy mode]

 mac-authentication max-user

 mac-authentication vlan