XGS-5240-Series User Manual

Table Of Contents
Configuration Guide of XGS-5240-Series
47-22
respectively. Install the IEEE802.1x authentication client software on the computer, and
use the client for IEEE802.1x authentication.
The detailed configurations are listed as below:
Switch(config)#interface vlan 1
Switch(Config-if-vlan1)#ipv6 address 2004:1:2:3::2/64
Switch(Config-if-vlan1)#exit
Switch(config)#radius-server authentication host 2004:1:2:3::3
Switch(config)#radius-server accounting host 2004:1:2:3::3
Switch(config)#radius-server key test
Switch(config)#aaa enable
Switch(config)#aaa-accounting enable
Switch(config)#dot1x enable
Switch(config)#interface ethernet 1/0/2
Switch(Config-If-Ethernet1/0/2)#dot1x enable
Switch(Config-If-Ethernet1/0/2)#dot1x port-control auto
Switch(Config-If-Ethernet1/0/2)#exit
47.4 802.1x Troubleshooting
It is possible that 802.1x be configured on ports and 802.1x authentication be set t
o auto, t switch can’t be to authenticated state after the user runs 802.1x supplicant so
ftware. Here are some possible causes and solutions:
 If 802.1x cannot be enabled for a port, make sure the port is not executing MAC
binding, or configured as a port aggregation. To enable the 802.1x authentication, t
he above functions must be disabled.
 If the switch is configured properly but still cannot pass through authentication, con
nectivity between the switch and RADIUS server, the switch and 802.1x client shou
ld be verified, and the port and VLAN configuration for the switch should be check
ed, too.
 Check the event log in the RADIUS server for possible causes. In the event log, n
ot only unsuccessful logins are recorded, but prompts for the causes of uns
uccessful login. If the event log indicates wrong authenticator password, radius-serv
er key parameter shall be modified; if the event log indicates no such authenticator,
the authenticator needs to be added to the RADIUS server; if the event log indic
ates no such login user, the user login ID and password may be wrong and shoul
d be verified and input again.