Troubleshooting guide
3. Troubleshooting Functional Failures During Operation
No. 5
Items to check and commands: Check the setting of the authentication IPv4 access list.
Action:
• If an unauthenticated terminal sends certain types of packets to destinations outside the Switch, make sure an authentication IPv4 access list is set.
  When both a standard access list and an authentication IPv4 access list are set, make sure the filter conditions in the authentication IPv4 access list are also set in the standard access list.
• If communication is possible without authentication, make sure a filtering condition for permitting IP packet communication (such as permit ip any) is not set in the access list.
• For AX3800S, AX3600S, and AX2400S series switches, even if the deny ip any any filtering condition is set in the authentication IPv4 access list specified for the authenticating port, MAC-based authentication is performed depending on the received ARP packets. To remove the target port from the ports subject to MAC-based authentication, use the no mac-authentication port configuration command.
• For other cases, go to No. 6.

No. 6
Items to check and commands: Use the show mac-authentication statistics command to check whether the MAC-based authentication statistics are displayed.
Action:
• If the MAC-based authentication statistics are not displayed, go to No. 7.
• For other cases, go to No. 8.

No. 7
Items to check and commands: Check whether the mac-authentication system-auth-control configuration command has been set.
Action:
• If the mac-authentication system-auth-control configuration command has not been set, set the command.
• Check whether the authenticating port is correctly set by the mac-authentication port configuration command.
• Make sure that the authenticating port to which the terminal is connected is neither in the link-down status nor shut down.
• For other cases, go to No. 8.

No. 8
Items to check and commands: Execute the show mac-authentication logging command and check for operation problems.
Action:
• If the number of authenticated devices has reached the maximum capacity limit, wait a while until the authentication of another terminal is cancelled.
• For other cases, check the MAC-based authentication configuration.

Check the following for the configuration related to MAC-based authentication.

Table 3-63: Checking the configuration of MAC-based authentication

No. 1
Items to check: Check the MAC-based authentication configuration settings.
Action: Make sure the following configuration commands have been set correctly.
• aaa accounting mac-authentication default start-stop group radius
• aaa authentication mac-authentication default group radius
• mac-authentication password
• mac-authentication port
• mac-authentication radius-server host
• mac-authentication static-vlan max-user
• mac-authentication system-auth-control
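The configuration checks in No. 7 and Table 3-63 can be run offline against a saved configuration. The following is an added example, not part of the original guide or of the vendor's tooling. It assumes that interface sub-commands are indented under an interface line, that "!" separates blocks, and that mac-authentication port and shutdown appear under the interface; the sample configuration is constructed, and command arguments are shown as placeholders.

```python
# Added example. SAMPLE is constructed; <placeholder> stands for arguments the page does not show.
REQUIRED = [  # Table 3-63, except mac-authentication port (checked per interface)
    "aaa accounting mac-authentication default start-stop group radius",
    "aaa authentication mac-authentication default group radius",
    "mac-authentication password",
    "mac-authentication radius-server host",
    "mac-authentication static-vlan max-user",
    "mac-authentication system-auth-control",
]
SAMPLE = """\
aaa authentication mac-authentication default group radius
mac-authentication password <placeholder>
mac-authentication radius-server host <placeholder>
mac-authentication static-vlan max-user <placeholder>
mac-authentication system-auth-control
!
interface gigabitethernet 0/1
  mac-authentication port
  shutdown
!
"""

def parse(config):
    """Return (global lines, {interface name: [sub-command lines]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface ") and not raw[0].isspace():
            current = line[len("interface "):]
            interfaces[current] = []
        elif line and not raw[0].isspace():
            current = None                      # "!" or any top-level line closes the block
            if line != "!":
                global_lines.append(line)
        elif line and line != "!":
            (interfaces[current] if current else global_lines).append(line)
    return global_lines, interfaces

def audit(config):
    global_lines, interfaces = parse(config)
    every = global_lines + [l for ls in interfaces.values() for l in ls]
    findings = [f"not set: {cmd}" for cmd in REQUIRED
                if not any(l == cmd or l.startswith(cmd + " ") for l in every)]
    ports = [n for n, ls in interfaces.items() if "mac-authentication port" in ls]
    if not ports:
        findings.append("not set: mac-authentication port")
    findings += [f"authenticating port is shut down: {n}" for n in ports
                 if "shutdown" in interfaces[n]]
    return findings
```

A link-down port cannot be detected from the configuration alone, so that part of No. 7 still has to be checked on the Switch.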