Table of Contents
Advertisement
No.
Troubleshooting Steps and Command
7
Execute the show dot1x logging
command and check to see if dynamic
assignment of VLAN authentication
(dynamic) failed.
If communication is not possible on the port or VLAN on which IEEE 802.1X runs, isolate the problem by following
failure analysis methods shown in the table below. Otherwise, see
[IP8800/S3600] [IP8800/S2400]
3.
Troubleshooting Functional Failures in Operation
• If "Failed to assign VLAN.(Reason: No Tunnel-Type Attribute)" is output, the
dynamic assignment has been failed as there is no Tunnel-Type attribute in the
RADIUS attribute of the RADIUS frame. Add the Tunnel-Type attribute in
setting of the RADIUS attribute for the RADIUS server.
• If "Failed to assign VLAN.(Reason:Tunnel-Type Attribute is not VLAN(13) )"
is output, the dynamic assignment has been failed as the value of Tunnel-Type
attribute of the RADIUS attribute is not VLAN(13). Set the value of
Tunnel-Type for the RADIUS server to VLAN(13).
• If "Failed to assign VLAN.(Reason: No Tunnel-Medium-Type Attribute)" is
output, the dynamic assignment has been failed as there is no
Tunnel-Medium-Type attribute of RADIUS server. Add the
Tunnel-Medium-Type attribute in setting of the RADIUS attribute for the
RADIUS server.
• If "Failed to assign VLAN. (Reason: Tunnel-Medium-Type Attribute is not
IEEE802(6) )" is output, the dynamic assignment has been failed as the value of
Tunnel-Medium-Type attribute is not IEEE802(6) or the Tag value did not
match with the Tag of the Tunnel-Type attribute although the
Tunnel-Medium-Type value was matched. Set the Tunnel-Medium-Type
attribute value of the RADIUS attribute for the RADIUS server or Tag to the
correct value.
• If "Failed to assign VLAN.(Reason: No Tunnel-Private-Group-ID Attribute)" is
output, the dynamic assignment has been failed as Tunnel-Private-Group-ID
attribute of the RADIUS attribute for the RADIUS server is not set. Set the
Tunnel-Private-Group-ID attribute of the RADIUS attribute for the RADIUS
server.
• If "Failed to assign VLAN.(Reason: Invalid Tunnel-Private-Group-ID
Attribute)" is output, the dynamic assignment has been failed as
Tunnel-Private-Group-ID attribute of the RADIUS attribute contained an illegal
value. Set the correct VLAN ID for the Tunnel-Private-Group-ID attribute of
the RADIUS attribute for the RADIUS server.
• If "Failed to assign VLAN. (Reason: The VLAN ID is out of range.)" is output,
the dynamic assignment has been failed as VLAN ID set for the
Tunnel-Private-Group-ID attribute of the RADIUS attribute for the RADIUS
server was out of range. Set the correct VLAN ID for the
Tunnel-Private-Group-ID attribute.
• If "Failed to assign VLAN. (Reason: The port doesn't belong to VLAN.)" is
output, the dynamic assignment has been failed as authentication port does not
belong to the VLAN ID specified for the Tunnel-Private-Group-ID attribute of
the RADIUS attribute for the RADIUS server. Match the VLAN ID set for the
Tunnel-Private-Group-ID attribute of the RADIUS attribute for the RADIUS
server with the VLAN ID of MAC VLAN set on the authentication port.
• If "Failed to assign VLAN. (Reason: The VLAN ID is not set to radius-vlan.)"
is output, the VLAN ID specified for the Tunnel-Private-Group-ID attribute as
the RADIUS attribute for the RADIUS server was not the target for VLAN
authentication (dynamic). Match the VLAN ID set for the
Tunnel-Private-Group-ID attribute of the RADIUS attribute for the RADIUS
server with the VLAN ID of MAC VLAN set on the authentication port.
Otherwise, see the log of the RADIUS server and check to see if authentication
failed.
"3.5 Layer 2 Network Communication
Action
Failure."
91
Advertisement
Table of Contents
Troubleshooting
