Avaya 3500 Series Troubleshooting Manual
  1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Network Router
  5. 3500 series
  6. Troubleshooting manual

Avaya 3500 Series Troubleshooting Manual

Ethernet routing switch
Hide thumbs Also See for 3500 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Configuration Manual
Avaya Ethernet Routing Switch 3500
Series Troubleshooting
Release 5.1
NN47203-700
Issue 02.01
February 2013

Advertisement

Table of Contents
loading

Related Manuals for Avaya 3500 Series

Summary of Contents for Avaya 3500 Series

  • Page 1 Avaya Ethernet Routing Switch 3500 Series Troubleshooting Release 5.1 NN47203-700 Issue 02.01 February 2013...
  • Page 2 Product provided by Avaya including the selection, arrangement and within them. Avaya does not guarantee that these links will work all the design of the content is owned either by Avaya or its licensors and is time and has no control over the availability of the linked pages.
  • Page 3 Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation and Product(s)
  • Page 4 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 5: Table Of Contents

    SNMP trap enhancements........................20 SNMP Trap list web page in EDM......................20 Remote monitoring (RMON) (RFC1757) per port Statistics History Alarm and Events......20 Avaya knowledge and solution engine...................... 21 Service Level Agreement (SLA) Monitor....................21 Chapter 6: General diagnostic tools.................
  • Page 6 You cannot access a switch at the stack IP address using ping, Telnet, SSH, Web, or EDM recovery tree..............................51 Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or MISSING..52 Cascade Up and Cascade Down columns display LINK DOWN or MISSING recovery tree... 52 Stack Health Check: Cascade Up and Cascade Down columns display UP WITH ERRORS....
  • Page 7 EAP–non-EAP unexpected port shutdown....................111 Configure switch..........................111 Troubleshooting 5.1 February 2013...
  • Page 8 Troubleshooting 5.1 February 2013...

  • Page 9: Chapter 1: Purpose Of This Document

    Chapter 1: Purpose of this document This document describes common problems and error messages and the techniques to resolve them. Troubleshooting 5.1 February 2013...
  • Page 10 Purpose of this document Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 11: Chapter 2: New In This Release

    The Avaya ERS 3500 Series supports the following hardware and software features for Release 5.1: ERS 3500 hardware The following table lists and describes the hardware that is new for the Avaya Ethernet Routing Switch 3500 Series Release 5.1: Table 1: Hardware...
  • Page 12 New in this release • Stack IP Address • Stack Monitor & Statistics • Storm Control • Unit Stack Uptime • Voice VLAN Integration (5.0.1) Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 13: Chapter 3: Introduction

    • Have basic knowledge of network topologies Troubleshooting tools The Ethernet Routing Switch 3500 Series products support a range of protocols, utilities, and diagnostic tools that you can use to monitor and analyze traffic, monitor laser operating characteristics, capture and analyze data packets, trace data flows, view statistics, and manage event messages.
  • Page 14 Introduction Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 15: Chapter 4: Troubleshooting Planning

    There are things you can do to minimize the need for troubleshooting and to plan for doing it as effectively as possible: 1. Use the Avaya Ethernet Routing Switch 3500 Series — Documentation Roadmap , NN47203– 101 to familiarize yourself with the documentation set, so you know where to get information when you need it.
  • Page 16 This speeds the process of isolating network problems. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 17: Chapter 5: Troubleshooting Fundamentals

    This section describes available troubleshooting tools and their applications. Port mirroring Avaya Ethernet Routing Switch 3500 Series switches have a port mirroring feature that helps you to monitor and analyze network traffic. The port mirroring feature supports both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When port mirroring is enabled, the ingress or egress packets of the mirrored (source) port are forwarded normally and a copy of the packets is sent from the mirrored port to the mirroring (destination) port.

  • Page 18: Port Mirroring Commands

    Switch 3500 Series-Configuration — System Monitoring, NN47203–501. System logs You can use the syslog messaging feature of the Ethernet Routing Switch 3500 Series products to manage event messages. The syslog software on the 3500 Series switch communicates with a server software component called syslogd that resides on your management workstation.

  • Page 19: Software Exception Log

    ASCII Config Generator (ACG) The primary goal of the ASCII Configurator Generator (ACG) is to provide the users of the Ethernet Routing Switch 3500 Series with a tool that lets them easily modify the configuration of a particular switch. ACG generates an ASCII configuration file which reproduces the behaviour of the current binary configuration file.

  • Page 20: Snmp Trap Enhancements

    Avaya enterprise traps. SNMP trap notification-control provides a generic mechanism for the trap generation control that works with any trap type. For more information, see Avaya Ethernet Routing Switch 3500 Series - Configuration — Security, NN47203–504.

  • Page 21: Avaya Knowledge And Solution Engine

    The Knowledge and Solution Engine is searchable by natural-language query. Service Level Agreement (SLA) Monitor The Ethernet Routing Switch 3500 Series supports the SLA Monitor agent as part of the Avaya SLAMon solution. SLAMon uses a server and agent relationship to perform end-to-end network Quality of Service (QoS) validation, and acts as a distributed monitoring device.
  • Page 22 This test is similar to traceroute but also includes DSCP values at each hop in the path from the source to the destination. The destination does not need to be an SLA Monitor agent. Limitations SLA Monitor agent communications are IPv4–based. Agent communications do not currently support IPv6. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 23: Chapter 6: General Diagnostic Tools

    Chapter 6: General diagnostic tools The Avaya Ethernet Routing Switch 3500 Series device has diagnostic features available through EDM and ACLI. You can use these diagnostic tools to help you troubleshoot operational and configuration issues. You can configure and display files, view and monitor port statistics, trace a route, run loopback and ping tests, test the switch fabric, and view the address resolution table.
  • Page 24 It is possible to move between command modes on a limited basis. This is explained in the Common Procedures section of this document. You can move between command modes on a limited basis. For more information about the ACLI command modes, see Avaya Ethernet Routing Switch 3500 Series — Fundamentals. NN47203–102. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 25: Chapter 7: Initial Troubleshooting

    As part of your initial troubleshooting, Avaya recommends that you check the Knowledge and Solution Engine on the Avaya Web site for known issues and solutions related to the problem you are experiencing. Gather information Before contacting Avaya Technical Support, you must gather information that can help the Technical Support personnel.
  • Page 26 • Connectivity information. When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To obtain this information, use the following commands: - show tech - show running-config - show port-statistics <port> Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 27: Chapter 8: Emergency Recovery Trees

    Chapter 8: Emergency recovery trees An Emergency Recovery Tree (ERT) is designed to quickly guide you through some common failures and solutions, by providing a quick reference for troubleshooting without procedural detail. Emergency recovery trees The following work flow shows the ERTs included in this section. Each ERT describes steps to correct a specific issue;...

  • Page 28: Corruption Of Flash

    Return Merchandise Authorization (RMA). For assistance with tasks in the Corruption of Flash Emergency Recovery Tree, see • Locating the switch console ports on page 55 • Using the Diagnostics Menu on page 56 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 29 Corruption of flash Corruption of flash recovery tree Figure 2: Corruption of flash recovery tree Troubleshooting 5.1 February 2013...

  • Page 30: Incorrect Port Vlan Identifier (Pvid)

    For examples that show how to check the PVID of ports, and how to make PVID corrections, • Example Checking PVID of ports on page 58 • Example VLAN Interface VLAN IDs on page 58 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 31: Uplink Ports Not Tagged To Vlan

    Uplink ports not tagged to VLAN When an ERS 3500 series switch is connected to an ERS 8600 series switch or another Avaya Ethernet series switch, and devices in a VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 3500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 3500 series switch.
  • Page 32 An example using the show vlan interface vids command is provided in Example VLAN Interface VLAN IDs page 58. Correct errors by adding missing VLANs to affected uplink ports. Refer to Tagging options page 60. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 33 Uplink ports not tagged to VLAN Uplink ports not tagged to VLAN recovery tree Figure 4: Uplink ports not tagged to VLAN recovery tree Troubleshooting 5.1 February 2013...

  • Page 34: Snmp

    If you can reach a device, but no traps are received, then verify the trap configurations (the trap destination address and the traps configured to be sent). SNMP recovery tree About this task The following figures show the SNMP recovery tree. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 35 SNMP Procedure Figure 5: SNMP part 1 Troubleshooting 5.1 February 2013...

  • Page 36: Stack

    Figure 6: SNMP part 2 Stack Stack failure can be the result of a communication error between the individual units typically due to stack cabling issues. Failures can also arise after multiple bases are configured. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 37: Stack Recovery Tree

    Stack Several situation may cause stacking problems, for example: • No units have a base switch set to the on position. • Multiple units have the Base Unit Select switch to the Base position. Only ONE switch in a stack configuration must have the Base Unit Select switch set to this position. •...
  • Page 38 Emergency recovery trees Procedure Figure 7: Stack part 1 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 39 Stack Figure 8: Stack part 2 Troubleshooting 5.1 February 2013...
  • Page 40 Emergency recovery trees Figure 9: Stack part 3 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 41 Stack Figure 10: Stack part 4 Troubleshooting 5.1 February 2013...

  • Page 42: Dynamic Host Configuration Protocol (Dhcp) Relay

    For example, the ports that provide connection to the network core or DHCP server are not set as trusted for DHCP snooping. DHCP recovery tree About this task The following figure shows the DHCP relay recovery tree. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 43: Agent Recovery

    Agent Recovery Procedure Figure 11: DHCP Agent Recovery In some cases during a software upgrade, the switch turns off before the software agent has been completely written to flash. This may be due to a power outage. In this case, the switch will report an error such as Agent code verification fails!! Units exhibiting the symptoms should NOT be returned through the Return Merchandise Authorization (RMA).
  • Page 44 For assistance with tasks shown in the Agent Recovery emergency recovery tree, see • Locating the switch console ports on page 55 • Using the Diagnostics Menu on page 56 Agent Recovery Emergency Recovery Tree Figure 12: Agent Recovery Emergency Recovery Tree Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 45: Aaur: Configuration For The Units In The Stack Is Not Saved On The Base Unit

    AAUR: configuration for the units in the stack is not saved on the base unit AAUR: configuration for the units in the stack is not saved on the base unit Use the recovery tree in this section if configuration for the units in the stack is not saved on the base unit.

  • Page 46: Aaur: Both Units Display Yes For Ready For Replacement

    Figure 13: Configuration for the units in the stack is not saved on the base unit AAUR: Both units display yes for Ready for Replacement Use the recovery tree in this section if both units in a stack of two display "yes" for "Ready for Replacement". Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 47: Both Units Display Yes For Ready For Replacement Recovery Tree

    AAUR: Both units display yes for Ready for Replacement Both units display yes for Ready for Replacement recovery tree About this task In a stack of two units, you enter the show stack auto-unit-replacement command and both units display as ready for replacement (only the non–base unit should be ready for replacement in a stack of two units).
  • Page 48 Emergency recovery trees Procedure Figure 14: Both units display yes for Ready for Replacement Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 49: Daur

    DAUR DAUR If you add a new unit to a stack, and the units have different diagnostic images, the new unit should start to copy the diagnostic image from the existing stack. Use the recovery tree in this section if the new unit fails to copy the diagnostic image. Diagnostic image transfer does not start recovery tree About this task The following figure shows the recovery tree to correct issues if a new unit fails to copy the...

  • Page 50: Stack Forced Mode

    Stack Forced Mode If you enable the Stack Forced Mode feature and a stack of two units breaks, the standalone switch that results from that broken stack of two is managed using the previous stack IP Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 51: You Cannot Access A Switch At The Stack Ip Address Using Ping, Telnet, Ssh, Web, Or Edm Recovery Tree

    Stack Forced Mode address. Use the recovery tree in this section if you cannot access the standalone switch using the stack IP address. You cannot access a switch at the stack IP address using ping, Telnet, SSH, Web, or EDM recovery tree About this task If you cannot access a standalone switch in a broken stack of two units, even though you had enabled the Stack Forced Mode feature, check that the standalone device still has a physical...

  • Page 52: Stack Health Check: Cascade Up And Cascade Down Columns Display Link Down Or Missing

    The following figure shows the recovery tree to use if the output from the switch displays "LINK DOWN" or "MISSING" in the Cascade Up or Cascade Down columns when you issue the show stack health command. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 53 Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or MISSING Procedure Figure 17: Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or MISSING Troubleshooting 5.1 February 2013...

  • Page 54: Stack Health Check: Cascade Up And Cascade Down Columns Display Up With Errors

    The following figure shows the recovery tree to use if the output from the switch displays "UP WITH ERRORS" in the Cascade Up and Cascade Down columns when you issue the show stack health command. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 55: Locating The Switch Console Ports

    Locating the switch console ports Procedure Figure 18: Stack Health Check: Cascade Up and Cascade Down columns display UP WITH ERRORS Locating the switch console ports The following figure identifies the ports on the ERS 3500 switches: Troubleshooting 5.1 February 2013...

  • Page 56: Using The Diagnostics Menu

    Emergency recovery trees Figure 19: ERS 3500 Series switch console ports Using the Diagnostics Menu On power up, the Power-On Self Tests (POST) are executed and the following is displayed: Test 111 DDRAM Walking 1/0s -PASSED Test 112 DDRAM Byte/Word/Long...
  • Page 57 Using the Diagnostics Menu Test 221 PHYs Register -PASSED Test 271 Ports Internal Loopback -PASSED If an error is found, the test reports FAILED and an error message is displayed and stored in the Error Log. The Error Log may contain up to 10 POST (or Burn-In) errors. Use the 'e' — show errors command in the Press menu or the Manufacturing SHOWLOG command to display errors.

  • Page 58: Example Checking Pvid Of Ports

    Example Checking PVID of ports The following figure shows output from the show vlan interface info command. Example VLAN Interface VLAN IDs The following figure provides example output from the show vlan interface vids command. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 59 Example VLAN Interface VLAN IDs Troubleshooting 5.1 February 2013...

  • Page 60: Tagging Options

    Emergency recovery trees Tagging options Use the commands and outputs in this example to assist in adding missing VLANs to affected uplink ports. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 61: Chapter 9: Troubleshooting Hardware

    Chapter 9: Troubleshooting hardware Use this section for hardware troubleshooting specific to the Ethernet Routing Switch 3500 Series. Work flow Troubleshooting hardware The following work flow assists you to determine the solution for some common hardware problems: Troubleshooting 5.1 February 2013...
  • Page 62 Troubleshooting hardware Figure 20: Troubleshooting hardware Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 63: Check Power

    Check power Confirm power is being delivered to the device. Task flow Check power The following task flow assists you to confirm that the Ethernet Routing Switch 3500 Series device is powered correctly. Figure 21: Check power Correcting voltage source Confirm the power cord is connected to the appropriate voltage source.
  • Page 64 • Status LED blinking amber: Power On Self Test (POST) failure • Power LED blinking: corrupt flash Reloading agent code Reload the agent code on the Ethernet Routing Switch 3500 Series device to eliminate corrupted or damaged code that causes a partial boot of the device. Caution: Ensure you have adequate backup of your configuration prior to reloading software.

  • Page 65: Check Port

    Check port Check port Confirm the port and ethernet cable connecting the port are in proper configuration. Task flow Check port The following task flow assists you to check the port and ethernet cables: Figure 22: Check port Viewing port information Review the port information to ensure that the port is enabled.

  • Page 66: Check Fiber Port

    Confirm the fiber port is working and the cable connecting the port is the proper type. Task flow Check fiber port The following task flow assists you to confirm that the fiber port cable is functioning and is of the proper type. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 67 2. Note the port status. Enabling the port Ensure the port on the Ethernet Routing Switch 3500 series device is enabled. 1. Use the no shutdown command to change the port configuration. 2. Use the show interfaces <port>command to display the port information.

  • Page 68: Replace Unit

    Caution: Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Avaya Ethernet Routing Switch 3500 Series – Regulatory Information (NN47203-100). Verifying software version is correct on new device Verify that the new device to be inserted has the identical software version.
  • Page 69 2. Allow time for the configuration of the failed unit to be replicated on the new unit. 3. Confirm that the new unit has reset itself. This confirms that replication has completed. Returning unit for repair Return unit to Avaya for repair. Contact Avaya for return instructions and RMA information. Troubleshooting 5.1 February 2013...
  • Page 70 Troubleshooting hardware Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 71: Chapter 10: Troubleshooting Adac

    Chapter 10: Troubleshooting ADAC Automatic Detection and Automatic Configuration (ADAC) can encounter detection and configuration errors that can be easily corrected. ADAC clarifications ADAC VLAN settings are dynamic and are not saved to nonvolatile memory. When ADAC is enabled, all VLAN settings that you manually made on ADAC uplink or telephony ports are dynamic and are not saved to non-volatile memory.

  • Page 72: Ip Phone Is Not Detected

    The following work flow assists you to resolve detection issues. Figure 25: IP phone not detected Correct filtering Configure the VLAN filtering to allow ADAC. Task flow Correct filtering The following task flow assists you to correct the filtering. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 73: Reload Adac Mac In Range Table

    IP phone is not detected Figure 26: Correct filtering Confirming port belongs to at least one VLAN View information to ensure that the port belongs to a VLAN. 1. Use the show vlan interface info <port> command to view the details. 2.
  • Page 74 MAC addresses already learned on the respective port are aged out. 1. Use the no adac enable <port> command to disable ADAC. 2. Use the adac enable <port>command to enable ADAC. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 75: Reduce Lldp Devices

    IP phone is not detected Reduce LLDP devices Reduce the number of LLDP devices. More than 16 devices may cause detection issues. Task flow Reduce LLDP devices The following task flow assists you to reduce the number of LLDP devices on the system. Figure 28: Reduce LLDP devices Viewing LLDP information Display the LLDP devices that are connected to a port.

  • Page 76: Auto Configuration Is Not Applied

    Figure 29: Auto configuration is not applied Correct auto configuration Tagged frames mode may be causing a problem. In tagged frames mode, everything is configured correctly, but auto configuration is not applied on a telephony port. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 77 Auto configuration is not applied Task flow Correct auto configuration The following task flow assists you to correct auto configuration. Figure 30: Correct auto configuration Viewing ADAC global status Display the global status of ADAC. 1. Use the show adac command to display the ADAC information. 2.
  • Page 78 Configuring another call server and uplink port can assist the auto configuration. 1. Use the adac uplink-port <port> command to assign the uplink port. 2. Use the adac call-server-port <port> command to assign the call server port. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 79: Chapter 11: Configuring Sla Monitor

    Chapter 11: Configuring SLA Monitor Use the procedures in this chpater to configure SLA Monitor using either ACLI or Enterprise Device Manager (EDM). Configuring the SLA Monitor agent using ACLI Use the procedures in this section to configure the SLA Monitor agent. Displaying SLA Monitor agent settings Use this procedure to view the global SLA Monitor agent settings.
  • Page 80 12. To configure the agent automatic CLI session timeout value, enter the following command: [default] slamon cli–timeout <60–600> 13. To enable the agent automatic CLI session timeout, enter the following command: slamon cli–timeout—mode enable Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 81 Configuring the SLA Monitor agent using ACLI default slamon cli–timeout—mode 14. To disable the agent automatic CLI session timeout, enter the following command: no slamon cli–timeout—mode [enable] 15. To configure the agent server IP address, enter the following command: slamon server ip address {A.B.C.C} [{A.B.C.D}] 16.

  • Page 82: Configuring Sla Monitor Using Edm

    The default is 0, which means the agent disregards the source port information in server traffic. The agent must use the same port. Configuring SLA Monitor using EDM Use this procedure to configure SLA Monitor. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 83 Configuring SLA Monitor using EDM Procedure 1. In the navigation tree, double-click Serviceability. 2. In the Serviceability tree, click SLA Monitor. 3. In the SLA Monitor tab, configure parameters as required. 4. On the toolbar, click Apply. SLA Monitor tab field descriptions Name Description Status...
  • Page 84 AgentPort Indicates the agent port. This is a read-only field. RegisteredWithServer Indicates whether the agent is registered with a server. This is a read-only field. RegisteredServerAddrType Indicates IPv4–based communications. This is a read-only field. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 85: Chapter 12: Troubleshooting Authentication

    Chapter 12: Troubleshooting authentication Authentication issues can interfere with device operation and function. The following work flow shows common authentication problems. Work flow Troubleshooting authentication The following work flow shows typical authentication problems. These work flows are not dependant upon each other. Figure 31: Troubleshooting authentication Troubleshooting 5.1 February 2013...

  • Page 86: Eap Client Authentication

    EAP client authentication This section provides troubleshooting guidelines for the EAP and non-EAP features on the Ethernet Routing Switch 3500 Series devices. Work flow EAP client is not authenticating The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected.

  • Page 87: Restore Radius Connection

    EAP client authentication Figure 32: EAP client is not authenticating Restore RADIUS connection Ensure that the RADIUS server has connectivity to the device. Troubleshooting 5.1 February 2013...
  • Page 88 This section provides troubleshooting guidelines for obtaining the RADIUS server settings. 1. Obtain network information for the RADIUS server from the Planning and Engineering documentation. 2. Follow vendor documentation to set the RADIUS authentication method MD5 Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 89: Enable Eap On The Pc

    EAP client authentication Viewing RADIUS information Review the RADIUS server settings in the device. The default server port is 1812/UDP. Older servers may use 1645/UDP, and other older servers do not support UDP at all. 1. Use the show radius-server command to view the RADIUS server settings. 2.

  • Page 90: Apply The Method

    3. Ensure the card is configured to support EAP. Apply the method Ensure you apply the correct EAP method. Task flow Apply the method The following task flow assists you to apply the correct EAP method. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 91: Enable Eap Globally

    2. Save the information for later reference. Enable EAP globally Enable EAP globally on the 3500 Series device. Task flow Enable EAP globally The following task flow assists you to enable EAP globally on the 3500 Series device. Troubleshooting 5.1 February 2013...
  • Page 92 Figure 36: Enable EAP globally Enabling EAP globally Enable EAP globally on the Ethernet Routing Switch 3500 Series device. 1. Use the eapol enable command to enable EAP globally on the 3500 Series device. 2. Ensure that there are no errors after command execution.

  • Page 93: Eap Multihost Repeated Re-Authentication Issue

    EAP multihost repeated re-authentication issue Setting EAPOL port administrative status to auto Set the EAPOL port administrative status to auto. 1. Use the eapol status auto command to change the port status to auto. 2. Ensure that there are no errors after the command execution. EAP multihost repeated re-authentication issue Eliminate the multiple authentication of users.

  • Page 94: Match Eap-Mac-Max To Eap Users

    Use the show eapol multihost status command to display the authenticated users. Task flow Match EAP-MAC-MAX to EAP users The following task flow assists you to match the EAP-MAC-MAX to the number of EAP users. Figure 38: Match EAP-MAC-MAX to EAP users Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 95: Set Eapol Request Packet

    EAP multihost repeated re-authentication issue Lowering EAP max MAC Lower the eap-mac-max value to match the users. 1. Use the eapol multihost eap-mac-max command to set the mac-max value. 2. Ensure that there are no errors after execution. Set EAPOL request packet Change the request packet generation to unicast.

  • Page 96: Eap Radius Vlan Is Not Being Applied

    Ensure that the RADIUS VLAN is applied correctly to support EAP. Work flow EAP RADIUS VLAN is not being applied The following work flow assists you to determine the cause and solution of the RADIUS VLAN not being applied. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 97: Configure Vlan At Radius

    EAP RADIUS VLAN is not being applied Figure 40: EAP RADIUS VLAN is not being applied Configure VLAN at RADIUS Correct any discrepancies in VLAN information at the RADIUS server. Task flow Configure VLAN at RADIUS The following task flow assists you to ensure the VLAN is configured at the RADIUS server. Troubleshooting 5.1 February 2013...
  • Page 98 Obtain the radius information to identify its settings. Use vendor documentation to obtain settings display. Configuring RADIUS Configure the RADIUS server with the correct VLAN information. Use vendor documentation to make the required changes. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 99: Configure Switch

    • Tunnel-Pvt-Group-ID – <VLAN ID> • Tunnel-Type – Virtual LANs (VLAN) Configure switch The VLAN must be configured correctly on the Ethernet Routing Switch 3500 Series device. Task flow Configure switch The following task flow assists you to configure the VLAN on the device.
  • Page 100 Set the VLAN config control to flexible to avoid complications with strict. 1. Use the vlan config control flexible command to set the VLAN config control to flexible. 2. Ensure that there are no errors after execution. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 101: Configured Mac Is Not Authenticating

    Configure the switch to ensure the correct settings are applied to ensure the MAC is authenticating. Task flow Configure the switch The following task flow assists you to ensure the MAC is authenticating on the ERS 3500 Series device. Troubleshooting 5.1...
  • Page 102 Make corrections to ensure that EAP is enabled globally, and that the port EAP status is set to auto. 1. Use the eapol enable command to enable EAP globally. 2. Use the eapol status auto command to change port status to auto. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 103 Configured MAC is not authenticating Showing EAPOL multihost Display the EAPOL multihost information. 1. Enter the show eapol multihost command to display the information. 2. Ensure that Allow Non-EAPOL clients is enabled. Enabling allow non-EAPOL clients Correct the non-EAPOL client attribute. 1.

  • Page 104: Non-Eap Radius Mac Not Authenticating

    Work flow Non-EAP RADIUS MAC not authenticating The following work flow assists you to determine the cause of and solution for a RADIUS MAC that does not authenticate. Figure 45: Non-EAP RADIUS MAC not authenticating Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 105: Configure Switch

    Configure switch Correct the switch configuration to correct the issue with RADIUS MAC. Task flow Configure switch The following task flow assists you to configure the ERS 3500 Series device to correct the RADIUS MAC issue. Figure 46: Configure switch Displaying EAPOL port Review the EAPOL port information.
  • Page 106 Displaying EAPOL multihost interface Review the EAPOL multihost information. 1. Enter the show eapol multihost interface <port#> command to display the information. 2. Verify the following: Use RADIUS To Authenticate Non EAP MACs is enabled Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 107: Radius Server Configuration Error

    Make the required changes on the RADIUS server to authenticate non-EAP clients. Apply changes to RADIUS server using vendor documentation. RADIUS server configuration error The RADIUS server requires that the correct MAC address and password for the 3500 Series device be configured. Task flow RADIUS server configuration error The following task flow assists you to configure the RADIUS server with the correct MAC and password.

  • Page 108: Non-Eap Mhsa Mac Is Not Authenticating

    Figure 48: Non-EAP MHSA MAC is not authenticating Configure switch Configure the switch to enable MHSA. Task flow Configure switch The following task flow assists you to enable MHSA on the ERS 3500 Series device. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

  • Page 109: Troubleshooting 5.1 February

    Non-EAP MHSA MAC is not authenticating Figure 49: Configure switch Troubleshooting 5.1 February 2013...
  • Page 110 1. Enter the show eapol multihost interface <port#> command to display the information. 2. Note the following: Allow Auto Non-EAP MHSA: Enabled Enabling RADIUS to auth non-EAP MACs Make the required changes on the RADIUS server to authenticate non-EAP clients Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 111 EAP–non-EAP unexpected port shutdown Apply changes to RADIUS server using vendor documentation. EAP–non-EAP unexpected port shutdown Identify the reason for the port shutdown and make configuration changes to avoid future problems. Work flow EAP–non-EAP unexpected port shutdown The following work flow assists you to determine the solution for EAP–non-EAP ports experiencing a shutdown.
  • Page 112 Showing EAP–non-EAP clients on port Display EAP–non-EAP client information on the port to provide additional information. 1. Use the show mac-address-table command to show the clients on the port. 2. Observe the log output and note any anomalies. Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...
  • Page 113 EAP–non-EAP unexpected port shutdown Showing EAPOL port information Display EAPOL port information for additional information. 1. Use the show eapol port <port#> command to display the port information. 2. Observe the log output and note any anomalies. Making changes This section provides troubleshooting guidelines for changing the EAP settings. It assists in the cleanup of old MAC addresses.
  • Page 114 Troubleshooting authentication Troubleshooting 5.1 February 2013 Comments? infodev@avaya.com...

Table of Contents