Table of Contents
Advertisement
3.12.3
Communication Failure on Using MAC Authentication
For MAC authentication failure, isolate the problem according to the failure analysis method described in
3-53: Failure Analysis Method for MAC
For confirming Web authentication configuration and accounting information, isolate the problem according to the
failure analysis method described in
3-55: MAC Authentication Failure Analysis
Table 3-53: Failure Analysis Method for MAC Authentication
No.
Troubleshooting Steps and Command
1
Check to see if the terminal can communicate.
2
Check to see if MAC address and VLAN ID are
registered by the show mac-authentication
mac-address command.
3
Check to see the status of communication with
RADIUS server by the show
mac-authentication statistics
command.
4
Check to see if MAC address and password are
registered in RADIUS server.
Authentication."
"Table 3-54: Checking MAC Authentication
Method."
• If authentication in Local authentication method failed, go to No. 2.
• If authentication in RADIUS authentication method failed, go to
No.3.
• Otherwise, go to No.5.
• If MAC address is not registered yet, set MAC address and VLAN
ID by the set mac-authentication mac-address
command.
• Otherwise, go to No. 5.
• When "TxTotal" of [Account frames] indicates 0, confirm all of the
settings by configuration commands (aaa accounting
web-authentication default start-stop group
radius, radius-server host, and
mac-authentication radius-server host) are correct.
• For IP8800/S3600 and IP8800/S2400 models, even though the dead
interval lets RADIUS server get recovered from no-response state
and become able to communicate, the system is not able to collate
with the RADIUS server during a period of time specified by
configuration command authentication radius-server
dead-interval. As a result, an authentication error occurs.
In this case, if the period of time is too long for the system to wait for
an authentication error response, change the set value of
configuration command authentication radius-server
dead-interval or execute the clear
web-authentication dead-interval-timer command.
Authentication action against the first RADIUS will be taken again.
• Otherwise, go to No. 4.
• If MAC address has not been registered as a User ID for RADIUS
Server yet, register it.
• If you use MAC address as a password, set the same value as in MAC
address.
• Once you registered common values to the RADIUS servers as a
password, check to see if the password is the same as one registered
by the configuration command mac-authentication
password.
• Otherwise, go to No.5.
3.
Troubleshooting Functional Failures in Operation
Configuration" and
Action
"Table
"Table
97
Advertisement
Table of Contents
Troubleshooting
