The Switch Appears To Be Properly Configured As A Supplicant, But Cannot Gain Access To The Intended Authenticator Port On The Switch To Which It Is Connected; The Supplicant Statistics Listing Shows Multiple Ports With The Same Authenticator Mac Address; The Show Port-Access Authenticator <Port-List> Command Shows One Or More Ports Remain Open After They Have Been Configured With Control Unauthorized; Radius Server Fails To Respond To A Request For Service, Even Though The Server's Ip Address Is Correctly Configured In The Switch - HP Aruba JL253A Management And Configuration Manual

The switch appears to be properly configured as a supplicant, but cannot gain access
to the intended authenticator port on the switch to which it is connected
If aaa authentication port-access is configured for Local, ensure that you have entered the local login
(operator-level) username and password of the authenticator switch into the identity and secret parameters
of the supplicant configuration. If instead, you enter the enable (manager-level) username and password, access
will be denied.
The supplicant statistics listing shows multiple ports with the same authenticator MAC
address
The link to the authenticator may have been moved from one port to another without the supplicant statistics
having been cleared from the first port. See "Note on Supplicant Statistics" in the chapter on Port-Based and
User-Based Access Control in the access security guide for your switch.
The show port-access authenticator <port-list> command shows one or
more ports remain open after they have been configured with control unauthorized
802.1X is not active on the switch. After you execute aaa port-access authenticator active, all ports
configured with control unauthorized should be listed as Closed.
Authenticator ports remain "open" until activated
switch(config)# show port-access authenticator e 9
Port Access Authenticator Status
Port-access authenticator activated [No] : No
Port Status Control
---- ------ -------- -------------- --------------
9 Open
Switch(config)# show port-access authenticator active
Switch(config)# show port-access authenticator e 9
Port Access Authenticator Status
Port-access authenticator activated [No] : Yes
Port Status Control
---- ------ -------- -------------- --------------
9 Closed FU
1
Port A9 shows an "Open" status even though Access Control is set to Unauthorized (Force Auth). This is
because the port-access authenticator has not yet been activated.
RADIUS server fails to respond to a request for service, even though the server's IP
address is correctly configured in the switch
Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the
server being contacted. If the switch has only a global key configured, it either must match the server key or you
must configure a server-specific key. If the switch already has a server-specific key assigned to the server's IP
address, it overrides the global key and must match the server key.
Displaying encryption keys
switch(config)# show radius
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 5
466
Access Authenticator Authenticator
State Backend
1
FU Force Auth
Access Authenticator Authenticator
State Backend
Force Unauth
State
Idle
State
Idle
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08