1. Manuals
  2. Brands
  3. EXTREME SWITCHING Manuals
  4. Switch
  5. 3600 Series
  6. Troubleshooting manual

EXTREME SWITCHING 3600 Series Troubleshooting Manual

Ethernet routing switch
Hide thumbs Also See for 3600 Series:
Table of Contents

Advertisement

Quick Links

Troubleshooting Ethernet Routing Switch
3600 Series
Release 6.3
9035810 Rev AA
August 2019

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 3600 Series and is the answer not in the manual?

Questions and answers

Related Manuals for EXTREME SWITCHING 3600 Series

Summary of Contents for EXTREME SWITCHING 3600 Series

  • Page 1 Troubleshooting Ethernet Routing Switch 3600 Series Release 6.3 9035810 Rev AA August 2019...
  • Page 2 © 2017-2019, Extreme Networks, Inc. All Rights Reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made.

  • Page 3: Table Of Contents

    CLI Command Modes Chapter 8: Initial troubleshooting.................. 26 ......................... 26 Gather information Chapter 9: Emergency recovery trees..................  28 .....................  28 Emergency recovery trees .........................  29 Corruption of flash .................. 30 Incorrect Port VLAN Identifier (PVID) August 2019 Troubleshooting ERS 3600 Series...
  • Page 4 Auto configuration is not applied .................... 74 Correct auto configuration Chapter 12: Troubleshooting authentication...............  76 .......................  77 EAP client authentication ....................  78 Restore RADIUS connection ..................... 80 Enable EAP on the PC ...................... 81 Apply the method August 2019 Troubleshooting ERS 3600 Series...
  • Page 5 Non-EAP RADIUS MAC not authenticating ...................... 94 Configure switch .................. 96 RADIUS server configuration error ................ 97 Non-EAP MHSA MAC is not authenticating ...................... 98 Configure switch ................ 100 EAP–non-EAP unexpected port shutdown ...................... 101 Configure switch .................... 103 Non-EAP freeform password August 2019 Troubleshooting ERS 3600 Series...

  • Page 6: Chapter 1: About This Document

    Situations that will result in severe bodily injury; up to Danger: and including death. Risk of severe personal injury or critical loss of data. Warning: Risk of personal injury, system damage, or loss of Caution: data. August 2019 Troubleshooting ERS 3600 Series...
  • Page 7 Plain Courier Text Plain Courier text indicates command names, options, and text that you must enter. Plain Courier text also indicates command syntax and system output, for example, prompts and system messages. Table continues… August 2019 Troubleshooting ERS 3600 Series...

  • Page 8: Documentation And Training

    Matrices White papers, data sheets, case https://www.extremenetworks.com/resources/ studies, and other product resources Training Extreme Networks offers product training courses, both online and in person, as well as specialized certifications. For more information, visit www.extremenetworks.com/education/. August 2019 Troubleshooting ERS 3600 Series...

  • Page 9: Getting Help

    2. Complete the form with your information (all fields are required). 3. Select the products for which you would like to receive notifications. Note: You can modify your product selections or unsubscribe at any time. 4. Click Submit. August 2019 Troubleshooting ERS 3600 Series...

  • Page 10: Providing Feedback To Us

    • Email us at documentation@extremenetworks.com. Please provide the publication title, part number, and as much detail as possible, including the topic heading and page number if applicable, as well as your suggestions for improvement. August 2019 Troubleshooting ERS 3600 Series...

  • Page 11: Chapter 2: New In This Document

    Chapter 2: New in this document There are no feature updates in this document. August 2019 Troubleshooting ERS 3600 Series...

  • Page 12: Chapter 3: Troubleshooting Tools

    Certain protocols and tools are tailored for troubleshooting specific network topologies. Other tools are more general in their application and can be used to diagnose and monitor ingress and egress traffic. August 2019 Troubleshooting ERS 3600 Series...

  • Page 13: Chapter 4: Troubleshooting Planning

    You can minimize the need for troubleshooting and to plan for doing it as effectively as possible. 1. Use the Documentation Reference for Ethernet Routing Switch 3600 Series to familiarize yourself with the documentation set, so you know where to get information when you need it.
  • Page 14 This speeds the process of isolating network problems. August 2019 Troubleshooting ERS 3600 Series...

  • Page 15: Chapter 5: Troubleshooting Fundamentals

    The following limitations apply to the ingress and egress mode: • the same limitation on the XTX portion also applies to the ingress and egress mode • the monitor port and the mirror port should be on the same unit in a stack. August 2019 Troubleshooting ERS 3600 Series...

  • Page 16: Many To One Port Mirroring

    Use port statistics commands to display information on received and transmitted packets at the ports. The ingress and egress counts occur at the MAC layer. For more information regarding port statistics and commands, see Configuring System Monitoring on Ethernet Routing Switch 3600 Series. August 2019 Troubleshooting ERS 3600 Series...

  • Page 17: System Logs

    Configuring System Monitoring on Ethernet Routing Switch 3600 Series. Show environmental This feature displays environmental information, such as power supply status, fan status, and switch system temperature. For more information, see Configuring System Monitoring on Ethernet Routing Switch 3600 Series. August 2019 Troubleshooting ERS 3600 Series...

  • Page 18: Ascii Configurator Generator

    The switch supports both industry-standard SNMP traps, as well as private Extreme Networks enterprise traps. SNMP trap notification-control provides a generic mechanism for the trap generation control that works with any trap type. For more information, see Configuring System Monitoring on Ethernet Routing Switch 3600 Series. August 2019 Troubleshooting ERS 3600 Series...

  • Page 19: Snmp Trap List Web Page In Edm

    • gathering cumulative statistics for Ethernet interfaces • tracking a history of statistics for Ethernet interfaces For more information on RMON per port statistics, history, alarms, and events, see Configuring System Monitoring on Ethernet Routing Switch 3600 Series. August 2019 Troubleshooting ERS 3600 Series...

  • Page 20: Chapter 6: Troubleshooting Fabric Attach

    Fabric Attach Primary Server Descr: <none> Verifying FA message authentication status Use this procedure to verify whether both FA Proxy and FA Server have the same authentication settings (enabled on both, or disabled on both). August 2019 Troubleshooting ERS 3600 Series...

  • Page 21: Verifying Fa Per-Port Settings

    2. Use the show fa port-enable command to check FA per-port settings. 3. If FA per-port settings prohibit message exchange, use the fa port-enable command to enable FA on required ports. 4. You can repeat step 2 to confirm settings. August 2019 Troubleshooting ERS 3600 Series...

  • Page 22: Verifying Discovered Fa Elements

    =============================================================================== UNIT/ ELEM OPER ASGN OPER PORT EXPANDED TYPE AUTH STATUS AUTH STATUS ------------------------------------------------------------------------------- State Legend: (Tagging/AutoConfig) T=Tagged, U=UntaggedPvid, O=UntaggedOnly, D=Disabled, S=Spbm, V=Vlan, I=Invalid Auth Legend: AP=Authentication Pass, AF=Authentication Fail, NA=Not Authenticated, N=None ------------------------------------------------------------------------------- August 2019 Troubleshooting ERS 3600 Series...

  • Page 23: Chapter 7: General Diagnostic Tools

    • end from any command mode directly to Privileged EXEC mode • disable to navigate from Privileged EXEC mode to User EXEC mode • logout to terminate the CLI session from any command mode August 2019 Troubleshooting ERS 3600 Series...
  • Page 24 From Global Configuration mode: To return to Global Configuration mode, enter Switch (config-router)# To configure RIP, enter router exit To return to Privileged Executive mode, enter To exit CLI completely, enter logout Table continues… August 2019 Troubleshooting ERS 3600 Series...
  • Page 25 Application Configuration From Global, or Interface To return to Global Configuration Configuration mode, enter mode, enter Switch (config-app)# application exit To return to Privileged Executive mode, enter To exit CLI completely, enter logout August 2019 Troubleshooting ERS 3600 Series...

  • Page 26: Chapter 8: Initial Troubleshooting

    • Connectivity information. When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To obtain this information, use the following commands: - show tech August 2019 Troubleshooting ERS 3600 Series...
  • Page 27 Gather information - show running-config - show port-statistics <port> August 2019 Troubleshooting ERS 3600 Series...

  • Page 28: Chapter 9: Emergency Recovery Trees

    Emergency recovery trees The following work flow shows the ERTs included in this section. Each ERT describes steps to correct a specific issue; the ERTs are not dependant upon each other. Figure 1: Emergency Recovery Trees August 2019 Troubleshooting ERS 3600 Series...

  • Page 29: Corruption Of Flash

    Initializing of the flash is one way to clear a corrupted configuration file and is required before a Return Merchandise Authorization (RMA). For assistance with tasks in the Corruption of Flash Emergency Recovery Tree, see Using the Diagnostics Menu on page 56. August 2019 Troubleshooting ERS 3600 Series...

  • Page 30: Incorrect Port Vlan Identifier (Pvid)

    Port VLAN identifier (PVID) is a classification mechanism that associates a port with a specific VLAN. For example, a port with a PVID of 3 (PVID=3) assigns all untagged frames received on this port to VLAN 3. August 2019 Troubleshooting ERS 3600 Series...
  • Page 31 For examples that show how to check the PVID of ports, and how to make PVID corrections, see • Example Checking PVID of ports on page 57 • Example VLAN Interface VLAN IDs on page 57 Incorrect PVID recovery tree Figure 3: Incorrect PVID recovery tree August 2019 Troubleshooting ERS 3600 Series...

  • Page 32: Uplink Ports Not Tagged To Vlan

    VLAN on the ERS 8600 Series switch are not able to communicate with devices at the ERS 3600 Series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 3600 Series switch.

  • Page 33: Snmp

    SNMP failure may be the result of an incorrect configuration of the management station or its setup. If you can reach a device, but no traps are received, then verify the trap configurations (the trap destination address and the traps configured to be sent). August 2019 Troubleshooting ERS 3600 Series...

  • Page 34: Snmp Recovery Tree

    Emergency recovery trees SNMP recovery tree About this task The following figures show the SNMP recovery tree. Procedure August 2019 Troubleshooting ERS 3600 Series...
  • Page 35 SNMP Figure 5: SNMP part 1 August 2019 Troubleshooting ERS 3600 Series...

  • Page 36: Stack

    Figure 6: SNMP part 2 Stack Stack failure can be the result of a communication error between the individual units typically due to stack cabling issues. Failures can also arise after multiple bases are configured. August 2019 Troubleshooting ERS 3600 Series...

  • Page 37: Stack Recovery Tree

    Base Unit Select switch set to this position. • Cable incorrectly inserted into the corresponding Cascade Up or Cascade Down port.. Stack recovery tree About this task The following figures show the stack recovery tree. Procedure August 2019 Troubleshooting ERS 3600 Series...
  • Page 38 Emergency recovery trees Figure 7: Stack part 1 August 2019 Troubleshooting ERS 3600 Series...
  • Page 39 Stack Figure 8: Stack part 2 August 2019 Troubleshooting ERS 3600 Series...
  • Page 40 Emergency recovery trees Figure 9: Stack part 3 August 2019 Troubleshooting ERS 3600 Series...
  • Page 41 Stack Figure 10: Stack part 4 August 2019 Troubleshooting ERS 3600 Series...

  • Page 42: Dynamic Host Configuration Protocol (Dhcp) Relay

    For example, the ports that provide connection to the network core or DHCP server are not set as trusted for DHCP snooping. DHCP recovery tree About this task The following figure shows the DHCP relay recovery tree. Procedure Figure 11: DHCP August 2019 Troubleshooting ERS 3600 Series...

  • Page 43: Agent Recovery

    Authorization (RMA). They should be corrected in the field. For assistance with tasks shown in the Agent Recovery emergency recovery tree, see Using the Diagnostics Menu on page 56. Agent Recovery Emergency Recovery Tree Figure 12: Agent Recovery Emergency Recovery Tree August 2019 Troubleshooting ERS 3600 Series...

  • Page 44: Aaur: Configuration For The Units In The Stack Is Not Saved On The Base Unit

    The following figure shows the recovery tree to save configuration for the units in the stack to the base unit. Check that AUR is enabled. If AUR is not enabled, either save the configuration manually or enable AUR. Procedure August 2019 Troubleshooting ERS 3600 Series...
  • Page 45 AAUR: configuration for the units in the stack is not saved on the base unit Figure 13: Configuration for the units in the stack is not saved on the base unit August 2019 Troubleshooting ERS 3600 Series...

  • Page 46: Aaur: Both Units Display Yes For Ready For Replacement

    In a stack of two units, you enter the show stack auto-unit-replacement command and both units display as ready for replacement (only the non–base unit should be ready for replacement in a stack of two units). The following figure shows the recovery tree to correct the issue. Procedure August 2019 Troubleshooting ERS 3600 Series...
  • Page 47 AAUR: Both units display yes for Ready for Replacement Figure 14: Both units display yes for Ready for Replacement August 2019 Troubleshooting ERS 3600 Series...

  • Page 48: Daur

    Diagnostic image transfer does not start recovery tree About this task The following figure shows the recovery tree to correct issues if a new unit fails to copy the diagnostic image from the stack. Procedure August 2019 Troubleshooting ERS 3600 Series...
  • Page 49 DAUR Figure 15: Diagnostic image transfer does not start August 2019 Troubleshooting ERS 3600 Series...

  • Page 50: Stack Forced Mode

    If you cannot access a standalone switch in a broken stack of two units, even though you had enabled the Stack Forced Mode feature, check that the standalone device still has a physical connection to the network. The following figure shows the recovery tree for this scenario. August 2019 Troubleshooting ERS 3600 Series...

  • Page 51: Stack Health Check: Cascade Up And Cascade Down Columns Display Link Down Or Missing

    Use the recovery tree in this section if the output from the switch displays "LINK DOWN" or "MISSING" in the Cascade Up or Cascade Down columns when you issue the show stack health command. August 2019 Troubleshooting ERS 3600 Series...

  • Page 52: Cascade Up And Cascade Down Columns Display Link Down Or Missing Recovery Tree

    The following figure shows the recovery tree to use if the output from the switch displays "LINK DOWN" or "MISSING" in the Cascade Up or Cascade Down columns when you issue the show stack health command. August 2019 Troubleshooting ERS 3600 Series...
  • Page 53 Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or MISSING Figure 17: Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or August 2019 Troubleshooting ERS 3600 Series...

  • Page 54: Stack Health Check: Cascade Up And Cascade Down Columns Display Up With Errors

    The following figure shows the recovery tree to use if the output from the switch displays "UP WITH ERRORS" in the Cascade Up and Cascade Down columns when you issue the show stack health command. August 2019 Troubleshooting ERS 3600 Series...
  • Page 55 Stack Health Check: Cascade Up and Cascade Down columns display UP WITH ERRORS Figure 18: Stack Health Check: Cascade Up and Cascade Down columns display UP WITH ERRORS August 2019 Troubleshooting ERS 3600 Series...

  • Page 56: Using The Diagnostics Menu

    Burn-In Errors = DISABLED Default Baud 9600 Error Log: Bad Port Mask = 00000000 Loop Test Error Description: <errors> The flash config/log area is initialized. This area is used by the Agent code. Table continues… August 2019 Troubleshooting ERS 3600 Series...

  • Page 57: Example Checking Pvid Of Ports

    Example Checking PVID of ports The following figure shows output from the show vlan interface info command. Example VLAN Interface VLAN IDs The following figure provides example output from the show vlan interface vids command. August 2019 Troubleshooting ERS 3600 Series...
  • Page 58 Emergency recovery trees August 2019 Troubleshooting ERS 3600 Series...

  • Page 59: Tagging Options

    Tagging options Tagging options Use the commands and outputs in this example to assist in adding missing VLANs to affected uplink ports. August 2019 Troubleshooting ERS 3600 Series...

  • Page 60: Chapter 10: Troubleshooting Hardware

    Chapter 10: Troubleshooting hardware Use this section for hardware troubleshooting. Work flow Troubleshooting hardware The following work flow assists you to determine the solution for some common hardware problems: August 2019 Troubleshooting ERS 3600 Series...
  • Page 61 Work flow Troubleshooting hardware Figure 19: Troubleshooting hardware August 2019 Troubleshooting ERS 3600 Series...

  • Page 62: Check Power

    Check power Confirm power is being delivered to the device. Task flow Check power The following task flow assists you to confirm that the ERS 3600 Series device is powered correctly. Figure 20: Check power Correcting voltage source Confirm the power cord is connected to the appropriate voltage source.

  • Page 63: Check Port

    • Status LED blinking amber: Power On Self Test (POST) failure • Power LED blinking: corrupt flash Reloading agent code Reload the agent code on the ERS 3600 Series device to eliminate corrupted or damaged code that causes a partial boot of the device. Caution: Ensure you have adequate backup of your configuration prior to reloading software.
  • Page 64 Figure 21: Check port Viewing port information Review the port information to ensure that the port is enabled. 1. Use the show interfaces <port> command to display the port information. 2. Note the port status. August 2019 Troubleshooting ERS 3600 Series...

  • Page 65: Check Fiber Port

    Confirm the fiber port is working and the cable connecting the port is the proper type. Task flow Check fiber port The following task flow assists you to confirm that the fiber port cable is functioning and is of the proper type. August 2019 Troubleshooting ERS 3600 Series...
  • Page 66 1. Use the show interfaces <port> command to display the port information. 2. Note the port status. Enabling the port Ensure the port on the switch device is enabled. 1. Use the no shutdown command to change the port configuration. August 2019 Troubleshooting ERS 3600 Series...

  • Page 67: Replace Unit

    1. Connect the new device to the console. 2. Use the show sys-info command to view the software version. Powering on the unit Energize the unit after it is connected and ready to integrate. August 2019 Troubleshooting ERS 3600 Series...
  • Page 68 3. Confirm that the new unit has reset itself. This confirms that replication has completed. Returning unit for repair Return unit to Extreme Networks for repair. Contact Extreme Networks for return instructions and RMA information. August 2019 Troubleshooting ERS 3600 Series...

  • Page 69: Chapter 11: Troubleshooting Adac

    If you enable the LLDP detection mechanism for telephony ports, then LLDP itself has to be enabled on the switch. Otherwise, ADAC does not detect phones. Work flow Troubleshooting ADAC The following work flow assists you to identify the type of problem you are encountering. Figure 23: Troubleshooting ADAC August 2019 Troubleshooting ERS 3600 Series...

  • Page 70: Ip Phone Is Not Detected

    The following work flow assists you to resolve detection issues. Figure 24: IP phone not detected Correct filtering Configure the VLAN filtering to allow ADAC. Task flow Correct filtering The following task flow assists you to correct the filtering. August 2019 Troubleshooting ERS 3600 Series...

  • Page 71: Reload Adac Mac In Range Table

    Ensure the ADAC MAC address is properly loaded in the range table. Task flow Reload ADAC MAC in range table The following task flow assists you to place the ADAC MAC address in the range table. August 2019 Troubleshooting ERS 3600 Series...

  • Page 72: Reduce Lldp Devices

    Reduce the number of LLDP devices. More than 16 devices may cause detection issues. Task flow Reduce LLDP devices The following task flow assists you to reduce the number of LLDP devices on the system. August 2019 Troubleshooting ERS 3600 Series...

  • Page 73: Auto Configuration Is Not Applied

    Auto configuration is not applied Correct some common issues that may interfere with auto configuration of devices. Task flow Auto configuration is not applied The following task flow assists you to solve auto configuration issues. August 2019 Troubleshooting ERS 3600 Series...

  • Page 74: Correct Auto Configuration

    Tagged frames mode may be causing a problem. In tagged frames mode, everything is configured correctly, but auto configuration is not applied on a telephony port. Task flow Correct auto configuration The following task flow assists you to correct auto configuration. August 2019 Troubleshooting ERS 3600 Series...
  • Page 75 Configuring another call server and uplink port can assist the auto configuration. 1. Use the adac uplink-port <port> command to assign the uplink port. 2. Use the adac call-server-port <port> command to assign the call server port. August 2019 Troubleshooting ERS 3600 Series...

  • Page 76: Chapter 12: Troubleshooting Authentication

    Authentication issues can interfere with device operation and function. The following work flow shows common authentication problems. Work flow Troubleshooting authentication The following work flow shows typical authentication problems. These work flows are not dependant upon each other. Figure 30: Troubleshooting authentication August 2019 Troubleshooting ERS 3600 Series...

  • Page 77: Eap Client Authentication

    This section provides troubleshooting guidelines for the EAP and non-EAP features. Work flow EAP client is not authenticating The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected. August 2019 Troubleshooting ERS 3600 Series...

  • Page 78: Restore Radius Connection

    Troubleshooting authentication Figure 31: EAP client is not authenticating Restore RADIUS connection Ensure that the RADIUS server has connectivity to the device. August 2019 Troubleshooting ERS 3600 Series...
  • Page 79 Review the RADIUS server settings in the device. The default server port is 1812/UDP. Older servers may use 1645/UDP, and other older servers do not support UDP at all. 1. Use the show radius-server command to view the RADIUS server settings. August 2019 Troubleshooting ERS 3600 Series...

  • Page 80: Enable Eap On The Pc

    The PC must have an EAP-enabled device that is correctly configured. Task flow Enable EAP on the PC The following task flow assists you to ensure the PC network card has EAP enabled. Figure 33: Enable EAP on the PC August 2019 Troubleshooting ERS 3600 Series...

  • Page 81: Apply The Method

    1. Obtain network information for the RADIUS Server from Planning and Engineering. 2. Save the information for later reference. Enable EAP globally Task flow Enable EAP globally The following task flow assists you to enable EAP globally. August 2019 Troubleshooting ERS 3600 Series...
  • Page 82 Setting EAPOL port administrative status to auto Set the EAPOL port administrative status to auto. 1. Use the eapol status auto command to change the port status to auto. 2. Ensure that there are no errors after the command execution. August 2019 Troubleshooting ERS 3600 Series...

  • Page 83: Eap Multihost Repeated Re-Authentication Issue

    EAP users that may soon enter to halt soliciting EAP users with multicast requests. Identifying number of users at allowed max Obtain the exact number of EAP users that may soon enter when the number of authenticated users reaches the allowed max. August 2019 Troubleshooting ERS 3600 Series...

  • Page 84: Set Eapol Request Packet

    2. Ensure that there are no errors after execution. Set EAPOL request packet Change the request packet generation to unicast. Task flow Set EAPOL request packet The following task flow assists you to set the EAPOL request packet to unicast. August 2019 Troubleshooting ERS 3600 Series...

  • Page 85: Eap Radius Vlan Is Not Being Applied

    Ensure that the RADIUS VLAN is applied correctly to support EAP. Work flow EAP RADIUS VLAN is not being applied The following work flow assists you to determine the cause and solution of the RADIUS VLAN not being applied. August 2019 Troubleshooting ERS 3600 Series...

  • Page 86: Configure Vlan At Radius

    Configure VLAN at RADIUS Correct any discrepancies in VLAN information at the RADIUS server. Task flow Configure VLAN at RADIUS The following task flow assists you to ensure the VLAN is configured at the RADIUS server. August 2019 Troubleshooting ERS 3600 Series...
  • Page 87 There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUSassigned VLANs. These attributes are the same for all RADIUS vendors: • Tunnel-Medium-Type – 802 • Tunnel-Pvt-Group-ID – <VLAN ID> August 2019 Troubleshooting ERS 3600 Series...

  • Page 88: Configure Switch

    • Tunnel-Type – Virtual LANs (VLAN) Configure switch The VLAN must be configured correctly on the switch. Task flow Configure switch The following task flow assists you to configure the VLAN on the device. Figure 41: Configure switch task August 2019 Troubleshooting ERS 3600 Series...

  • Page 89: Configured Mac Is Not Authenticating

    Correct a MAC to allow authentication. Work flow Configured MAC is not authenticating The following work flow assists you to determine the cause and solution of a configured MAC that does not authenticate as expected. August 2019 Troubleshooting ERS 3600 Series...

  • Page 90: Configure The Switch

    Configure the switch to ensure the correct settings are applied to ensure the MAC is authenticating. Task flow Configure the switch The following task flow assists you to ensure the MAC is authenticating on the switch. August 2019 Troubleshooting ERS 3600 Series...
  • Page 91 Configured MAC is not authenticating August 2019 Troubleshooting ERS 3600 Series...
  • Page 92 2. Use the eapol status auto command to change port status to auto. Showing EAPOL multihost Display the EAPOL multihost information. 1. Enter the show eapol multihost command to display the information. 2. Ensure that Allow Non-EAPOL clients is enabled. August 2019 Troubleshooting ERS 3600 Series...

  • Page 93: Non-Eap Radius Mac Not Authenticating

    1. Use the show eapol multihost non-eap-mac status command to view MAC addresses. 2. Use the eapol multihost non-eap-mac <H.H.H> <port> command to add a MAC address to the list. Non-EAP RADIUS MAC not authenticating Correct a non-EAP RADIUS MAC that is not authenticating. August 2019 Troubleshooting ERS 3600 Series...

  • Page 94: Configure Switch

    Figure 44: Non-EAP RADIUS MAC not authenticating Configure switch Correct the switch configuration to correct the issue with RADIUS MAC. Task flow Configure switch The following task flow assists you to configure the switch to correct the RADIUS MAC issue. August 2019 Troubleshooting ERS 3600 Series...
  • Page 95 2. Use the eapol status auto command to change port status to auto. Displaying EAPOL multihost Review the EAPOL multihost information. 1. Enter the show eapol port multihost command to display the information. 2. Note the following: • Use RADIUS To Authenticate NonEAPOL Clients is enabled August 2019 Troubleshooting ERS 3600 Series...

  • Page 96: Radius Server Configuration Error

    The RADIUS server requires that the correct MAC address and password for the switch is configured. Task flow RADIUS server configuration error The following task flow assists you to configure the RADIUS server with the correct MAC and password. August 2019 Troubleshooting ERS 3600 Series...

  • Page 97: Non-Eap Mhsa Mac Is Not Authenticating

    Non-EAP MHSA MAC is not authenticating Ensure that the switch is configured correctly. Work flow Non-EAP MHSA MAC is not authenticating The following work flow assists you to determine the solution for an MHSA MAC that is not authenticating. August 2019 Troubleshooting ERS 3600 Series...

  • Page 98: Configure Switch

    Troubleshooting authentication Figure 47: Non-EAP MHSA MAC is not authenticating Configure switch Configure the switch to enable MHSA. Task flow Configure switch The following task flow assists you to enable MHSA on the switch. August 2019 Troubleshooting ERS 3600 Series...
  • Page 99 Use RADIUS To Authenticate NonEAPOL Clients is enabled Formatting non-EAPOL RADIUS password attribute Make the required changes on the RADIUS server to the password format. Use vendor documentation to make required changes on RADIUS server to change the format to MACAddr. August 2019 Troubleshooting ERS 3600 Series...

  • Page 100: Eap-Non-Eap Unexpected Port Shutdown

    Identify the reason for the port shutdown and make configuration changes to avoid future problems. Work flow EAP–non-EAP unexpected port shutdown The following work flow assists you to determine the solution for EAP–non-EAP ports experiencing a shutdown. August 2019 Troubleshooting ERS 3600 Series...

  • Page 101: Configure Switch

    Figure 49: EAP — non-EAP unexpected port shutdown Configure switch Configure ports to allow more unauthorized clients. Task flow Configure switch The following task flow assists you to allow an increased number of unauthorized clients on the ports. August 2019 Troubleshooting ERS 3600 Series...
  • Page 102 1. Use the show mac-address-table command to show the clients on the port. 2. Observe the log output and note any anomalies. Showing EAPOL port information Display EAPOL port information for additional information. 1. Use the show eapol port <port#> command to display the port information. August 2019 Troubleshooting ERS 3600 Series...

  • Page 103: Non-Eap Freeform Password

    • show eapol multihost non-eap-pwd-fmt key—this command prints the key used. The password is printed in cleartext only when password security is not enabled. Otherwise, the password is printed as a string of asterisks. August 2019 Troubleshooting ERS 3600 Series...

Table of Contents