EXTREME SWITCHING 3500 Series Troubleshooting Manual
  1. Manuals
  2. Brands
  3. EXTREME SWITCHING Manuals
  4. Switch
  5. 3500 Series
  6. Troubleshooting manual

EXTREME SWITCHING 3500 Series Troubleshooting Manual

Ethernet routing switch
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Troubleshooting Ethernet Routing Switch
3500 Series
Release 5.3.6
NN47203-700
Issue 05.01
December 2017

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 3500 Series and is the answer not in the manual?

Questions and answers

Related Manuals for EXTREME SWITCHING 3500 Series

Summary of Contents for EXTREME SWITCHING 3500 Series

  • Page 1 Troubleshooting Ethernet Routing Switch 3500 Series Release 5.3.6 NN47203-700 Issue 05.01 December 2017...
  • Page 2 © REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH 2017, Extreme Networks, Inc. ENTITY TO THESE TERMS OF USE. IF YOU DO NOT HAVE SUCH All Rights Reserved. AUTHORITY, OR IF YOU DO NOT WISH TO ACCEPT THESE Notice TERMS OF USE, YOU MUST NOT ACCESS OR USE THE HOSTED SERVICE OR AUTHORIZE ANYONE TO ACCESS OR While reasonable efforts have been made to ensure that the...
  • Page 3 including any code and software unless expressly authorized by THE PERSONAL USE OF A CONSUMER OR OTHER USES IN Extreme Networks. Unauthorized reproduction, transmission, WHICH IT DOES NOT RECEIVE REMUNERATION TO: (I) ENCODE dissemination, storage, and or use without the express written VIDEO IN COMPLIANCE WITH THE AVC STANDARD (“AVC consent of Extreme Networks can be a criminal, as well as a civil VIDEO”) AND/OR (II) DECODE AVC VIDEO THAT WAS ENCODED...
  • Page 4 For additional information on Extreme Networks trademarks, please see: http://www.extremenetworks.com/company/legal/...

  • Page 5: Table Of Contents

    CLI command modes Chapter 8: Initial troubleshooting.................. 25 ......................... 25 Gather information Chapter 9: Emergency recovery trees..................  27 .....................  27 Emergency recovery trees .........................  28 Corruption of flash .................. 29 Incorrect Port VLAN Identifier (PVID) December 2017 Troubleshooting ERS 3500 Series...
  • Page 6 Reduce LLDP devices .....................  72 Auto configuration is not applied .................... 73 Correct auto configuration Chapter 12: Troubleshooting authentication...............  75 .............. 76 Troubleshooting Fail Open VLAN Continuity Mode ........................ 76 Limitations .......................  76 EAP client authentication December 2017 Troubleshooting ERS 3500 Series...
  • Page 7 Configure the switch ................ 92 Non-EAP RADIUS MAC not authenticating ...................... 93 Configure switch .................. 95 RADIUS server configuration error ................ 96 Non-EAP MHSA MAC is not authenticating ...................... 97 Configure switch ................ 99 EAP–non-EAP unexpected port shutdown ...................... 100 Configure switch December 2017 Troubleshooting ERS 3500 Series...

  • Page 8: Chapter 1: Preface

    You can also email us directly at internalinfodev@extremenetworks.com Getting Help Product purchased from Extreme Networks If you purchased your product from Extreme Networks, use the following support contact information to get help. December 2017 Troubleshooting ERS 3500 Series...

  • Page 9: Extreme Networks Documentation

    Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise. Extreme Networks Documentation To find Extreme Networks product guides, visit our documentation pages at: Current Product Documentation www.extremenetworks.com/documentation/ Table continues… December 2017 Troubleshooting ERS 3500 Series...

  • Page 10: Subscribing To Service Notifications

    5. Type your job title. 6. Select the industry in which your company operates. 7. Confirm your geographic information is correct. 8. Select the products for which you would like to receive notifications. 9. Click Submit. December 2017 Troubleshooting ERS 3500 Series...

  • Page 11: Chapter 2: New In This Document

    Chapter 2: New in this document There are no new feature changes in this release. December 2017 Troubleshooting ERS 3500 Series...

  • Page 12: Chapter 3: Troubleshooting Tools

    Certain protocols and tools are tailored for troubleshooting specific network topologies. Other tools are more general in their application and can be used to diagnose and monitor ingress and egress traffic. December 2017 Troubleshooting ERS 3500 Series...

  • Page 13: Chapter 4: Troubleshooting Planning

    You can minimize the need for troubleshooting and to plan for doing it as effectively as possible. 1. Use the Documentation Reference for Ethernet Routing Switch 3500 Series to familiarize yourself with the documentation set, so you know where to get information when you need it.
  • Page 14 This speeds the process of isolating network problems. December 2017 Troubleshooting ERS 3500 Series...

  • Page 15: Chapter 5: Troubleshooting Fundamentals

    • the same limitation on the XTX portion also applies to the ingress and egress mode • the monitor port and the mirror port should be on the same unit in a stack. Note: Stacking is not available in Release 5.0. December 2017 Troubleshooting ERS 3500 Series...

  • Page 16: Many To One Port Mirroring

    • Cannot configure an MLT group as monitor port Port mirroring commands See Configuring System Monitoring on Ethernet Routing Switch 3500 Series, NN47203–501 for port mirroring command information. Use the port mirroring commands to assist in diagnostics and information gathering.

  • Page 17: System Logs

    For more information, see Configuring System Monitoring on Ethernet Routing Switch 3500 Series. Software Exception Log This feature allows an administrator to see the software exceptions generated in the switching system.

  • Page 18: Ascii Configurator Generator

    The switch supports both industry-standard SNMP traps, as well as private Extreme Networks enterprise traps. SNMP trap notification-control provides a generic mechanism for the trap generation control that works with any trap type. For more information, see Configuring System Monitoring on Ethernet Routing Switch 3500 Series. December 2017 Troubleshooting ERS 3500 Series...

  • Page 19: Snmp Trap List Web Page In Edm

    You can use Enterprise Device Manager (EDM) MIB Web page to query SNMP objects on the switch. For more information, see Configuring System Monitoring on Ethernet Routing Switch 3500 Series. Remote monitoring (RMON) (RFC1757) per port statistics, history, alarms, and events Remote Monitoring (RMON) MIB is an interface between the RMON agent on a switch and an RMON management application, such as Enterprise Device Manager (EDM).

  • Page 20: Chapter 6: Troubleshooting Fabric Attach

    2. Use the show fa port-enable command to check message authentication status. 3. If message authentication settings are different on FA Proxy and FA Server, use the [no] [default] fa message-authentication command to change message authentication settings. December 2017 Troubleshooting ERS 3500 Series...

  • Page 21: Verifying Fa Per-Port Settings

    4. You can repeat step 2 to confirm settings. Verifying discovered FA elements Use this procedure to check the discovered FA elements. Procedure 1. Enter Privileged EXEC mode: enable 2. Verify the discovered FA elements: show fa elements December 2017 Troubleshooting ERS 3500 Series...
  • Page 22 =============================================================================== UNIT/ ELEM OPER ASGN OPER PORT EXPANDED TYPE AUTH STATUS AUTH STATUS ------------------------------------------------------------------------------- State Legend: (Tagging/AutoConfig) T=Tagged, U=UntaggedPvid, O=UntaggedOnly, D=Disabled, S=Spbm, V=Vlan, I=Invalid Auth Legend: AP=Authentication Pass, AF=Authentication Fail, NA=Not Authenticated, N=None ------------------------------------------------------------------------------- December 2017 Troubleshooting ERS 3500 Series...

  • Page 23: Chapter 7: General Diagnostic Tools

    With sufficient permission, you can use the rules in the following table to move between the command modes. Table 1: CLI command modes Command mode and sample Entrance commands Exit commands prompt User Executive No entrance command, default exit mode Switch> Table continues… December 2017 Troubleshooting ERS 3500 Series...
  • Page 24 <loopback number> Application Configuration From Global, or Interface To return to Global Configuration Configuration mode, enter mode, enter Switch (config-app)# application exit To return to Privileged Executive mode, enter To exit CLI completely, enter logout December 2017 Troubleshooting ERS 3500 Series...

  • Page 25: Chapter 8: Initial Troubleshooting

    • Connectivity information. When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To obtain this information, use the following commands: - show tech December 2017 Troubleshooting ERS 3500 Series...
  • Page 26 Initial troubleshooting - show running-config - show port-statistics <port> December 2017 Troubleshooting ERS 3500 Series...

  • Page 27: Chapter 9: Emergency Recovery Trees

    Emergency recovery trees The following work flow shows the ERTs included in this section. Each ERT describes steps to correct a specific issue; the ERTs are not dependant upon each other. Figure 1: Emergency Recovery Trees December 2017 Troubleshooting ERS 3500 Series...

  • Page 28: Corruption Of Flash

    Initializing of the flash is one way to clear a corrupted configuration file and is required before a Return Merchandise Authorization (RMA). For assistance with tasks in the Corruption of Flash Emergency Recovery Tree, see Using the Diagnostics Menu on page 55. December 2017 Troubleshooting ERS 3500 Series...

  • Page 29: Incorrect Port Vlan Identifier (Pvid)

    Port VLAN identifier (PVID) is a classification mechanism that associates a port with a specific VLAN. For example, a port with a PVID of 3 (PVID=3) assigns all untagged frames received on this port to VLAN 3. December 2017 Troubleshooting ERS 3500 Series...
  • Page 30 For examples that show how to check the PVID of ports, and how to make PVID corrections, see • Example Checking PVID of ports on page 56 • Example VLAN Interface VLAN IDs on page 57 Incorrect PVID recovery tree Figure 3: Incorrect PVID recovery tree December 2017 Troubleshooting ERS 3500 Series...

  • Page 31: Uplink Ports Not Tagged To Vlan

    VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 3500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 3500 series switch.

  • Page 32: Snmp

    SNMP failure may be the result of an incorrect configuration of the management station or its setup. If you can reach a device, but no traps are received, then verify the trap configurations (the trap destination address and the traps configured to be sent). December 2017 Troubleshooting ERS 3500 Series...

  • Page 33: Snmp Recovery Tree

    SNMP SNMP recovery tree About this task The following figures show the SNMP recovery tree. Procedure December 2017 Troubleshooting ERS 3500 Series...
  • Page 34 Emergency recovery trees Figure 5: SNMP part 1 December 2017 Troubleshooting ERS 3500 Series...

  • Page 35: Stack

    Figure 6: SNMP part 2 Stack Stack failure can be the result of a communication error between the individual units typically due to stack cabling issues. Failures can also arise after multiple bases are configured. December 2017 Troubleshooting ERS 3500 Series...

  • Page 36: Stack Recovery Tree

    Base Unit Select switch set to this position. • Cable incorrectly inserted into the corresponding Cascade Up or Cascade Down port.. Stack recovery tree About this task The following figures show the stack recovery tree. Procedure December 2017 Troubleshooting ERS 3500 Series...
  • Page 37 Stack Figure 7: Stack part 1 December 2017 Troubleshooting ERS 3500 Series...
  • Page 38 Emergency recovery trees Figure 8: Stack part 2 December 2017 Troubleshooting ERS 3500 Series...
  • Page 39 Stack Figure 9: Stack part 3 December 2017 Troubleshooting ERS 3500 Series...
  • Page 40 Emergency recovery trees Figure 10: Stack part 4 December 2017 Troubleshooting ERS 3500 Series...

  • Page 41: Dynamic Host Configuration Protocol (Dhcp) Relay

    For example, the ports that provide connection to the network core or DHCP server are not set as trusted for DHCP snooping. DHCP recovery tree About this task The following figure shows the DHCP relay recovery tree. Procedure Figure 11: DHCP December 2017 Troubleshooting ERS 3500 Series...

  • Page 42: Agent Recovery

    Authorization (RMA). They should be corrected in the field. For assistance with tasks shown in the Agent Recovery emergency recovery tree, see Using the Diagnostics Menu on page 55. Agent Recovery Emergency Recovery Tree Figure 12: Agent Recovery Emergency Recovery Tree December 2017 Troubleshooting ERS 3500 Series...

  • Page 43: Aaur: Configuration For The Units In The Stack Is Not Saved On The Base Unit

    The following figure shows the recovery tree to save configuration for the units in the stack to the base unit. Check that AUR is enabled. If AUR is not enabled, either save the configuration manually or enable AUR. Procedure December 2017 Troubleshooting ERS 3500 Series...
  • Page 44 Emergency recovery trees Figure 13: Configuration for the units in the stack is not saved on the base unit December 2017 Troubleshooting ERS 3500 Series...

  • Page 45: Aaur: Both Units Display Yes For Ready For Replacement

    In a stack of two units, you enter the show stack auto-unit-replacement command and both units display as ready for replacement (only the non–base unit should be ready for replacement in a stack of two units). The following figure shows the recovery tree to correct the issue. Procedure December 2017 Troubleshooting ERS 3500 Series...
  • Page 46 Emergency recovery trees Figure 14: Both units display yes for Ready for Replacement December 2017 Troubleshooting ERS 3500 Series...

  • Page 47: Daur

    Diagnostic image transfer does not start recovery tree About this task The following figure shows the recovery tree to correct issues if a new unit fails to copy the diagnostic image from the stack. Procedure December 2017 Troubleshooting ERS 3500 Series...
  • Page 48 Emergency recovery trees Figure 15: Diagnostic image transfer does not start December 2017 Troubleshooting ERS 3500 Series...

  • Page 49: Stack Forced Mode

    If you cannot access a standalone switch in a broken stack of two units, even though you had enabled the Stack Forced Mode feature, check that the standalone device still has a physical connection to the network. The following figure shows the recovery tree for this scenario. December 2017 Troubleshooting ERS 3500 Series...

  • Page 50: Stack Health Check: Cascade Up And Cascade Down Columns Display Link Down Or Missing

    Use the recovery tree in this section if the output from the switch displays "LINK DOWN" or "MISSING" in the Cascade Up or Cascade Down columns when you issue the show stack health command. December 2017 Troubleshooting ERS 3500 Series...

  • Page 51: Cascade Up And Cascade Down Columns Display Link Down Or Missing Recovery Tree

    The following figure shows the recovery tree to use if the output from the switch displays "LINK DOWN" or "MISSING" in the Cascade Up or Cascade Down columns when you issue the show stack health command. December 2017 Troubleshooting ERS 3500 Series...
  • Page 52 Emergency recovery trees Figure 17: Stack Health Check: Cascade Up and Cascade Down columns display LINK DOWN or December 2017 Troubleshooting ERS 3500 Series...

  • Page 53: Stack Health Check: Cascade Up And Cascade Down Columns Display Up With Errors

    The following figure shows the recovery tree to use if the output from the switch displays "UP WITH ERRORS" in the Cascade Up and Cascade Down columns when you issue the show stack health command. December 2017 Troubleshooting ERS 3500 Series...
  • Page 54 Emergency recovery trees Figure 18: Stack Health Check: Cascade Up and Cascade Down columns display UP WITH ERRORS December 2017 Troubleshooting ERS 3500 Series...

  • Page 55: Locating The Switch Console Ports

    Locating the switch console ports The following figure identifies the ports on the ERS 3500 switches: Figure 19: ERS 3500 Series switch console ports Using the Diagnostics Menu On power up, the Power-On Self Tests (POST) are executed and the following is displayed:...

  • Page 56: Example Checking Pvid Of Ports

    The flash config/log area is initialized. This area is used by the Agent code. The POST tests are executed again. Resets the switch Example Checking PVID of ports The following figure shows output from the show vlan interface info command. December 2017 Troubleshooting ERS 3500 Series...

  • Page 57: Example Vlan Interface Vlan Ids

    Example VLAN Interface VLAN IDs Example VLAN Interface VLAN IDs The following figure provides example output from the show vlan interface vids command. December 2017 Troubleshooting ERS 3500 Series...

  • Page 58: Tagging Options

    Emergency recovery trees Tagging options Use the commands and outputs in this example to assist in adding missing VLANs to affected uplink ports. December 2017 Troubleshooting ERS 3500 Series...

  • Page 59: Chapter 10: Troubleshooting Hardware

    Chapter 10: Troubleshooting hardware Use this section for hardware troubleshooting. Work flow Troubleshooting hardware The following work flow assists you to determine the solution for some common hardware problems: December 2017 Troubleshooting ERS 3500 Series...
  • Page 60 Troubleshooting hardware Figure 20: Troubleshooting hardware December 2017 Troubleshooting ERS 3500 Series...

  • Page 61: Check Power

    Check power Confirm power is being delivered to the device. Task flow Check power The following task flow assists you to confirm that the ERS 3500 Series device is powered correctly. Figure 21: Check power Correcting voltage source Confirm the power cord is connected to the appropriate voltage source.

  • Page 62: Check Port

    • Status LED blinking amber: Power On Self Test (POST) failure • Power LED blinking: corrupt flash Reloading agent code Reload the agent code on the ERS 3500 Series device to eliminate corrupted or damaged code that causes a partial boot of the device. Caution: Ensure you have adequate backup of your configuration prior to reloading software.
  • Page 63 Figure 22: Check port Viewing port information Review the port information to ensure that the port is enabled. 1. Use the show interfaces <port> command to display the port information. 2. Note the port status. December 2017 Troubleshooting ERS 3500 Series...

  • Page 64: Check Fiber Port

    Confirm the fiber port is working and the cable connecting the port is the proper type. Task flow Check fiber port The following task flow assists you to confirm that the fiber port cable is functioning and is of the proper type. December 2017 Troubleshooting ERS 3500 Series...
  • Page 65 1. Use the show interfaces <port> command to display the port information. 2. Note the port status. Enabling the port Ensure the port on the switch device is enabled. 1. Use the no shutdown command to change the port configuration. December 2017 Troubleshooting ERS 3500 Series...

  • Page 66: Replace Unit

    Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Regulatory Reference for Ethernet Routing Switch 3500 Series Verifying software version is correct on new device Verify that the new device to be inserted has the identical software version.
  • Page 67 3. Confirm that the new unit has reset itself. This confirms that replication has completed. Returning unit for repair Return unit to Extreme Networks for repair. Contact Extreme Networks for return instructions and RMA information. December 2017 Troubleshooting ERS 3500 Series...

  • Page 68: Chapter 11: Troubleshooting Adac

    If you enable the LLDP detection mechanism for telephony ports, then LLDP itself has to be enabled on the switch. Otherwise, ADAC does not detect phones. Work flow Troubleshooting ADAC The following work flow assists you to identify the type of problem you are encountering. Figure 24: Troubleshooting ADAC December 2017 Troubleshooting ERS 3500 Series...

  • Page 69: Ip Phone Is Not Detected

    The following work flow assists you to resolve detection issues. Figure 25: IP phone not detected Correct filtering Configure the VLAN filtering to allow ADAC. Task flow Correct filtering The following task flow assists you to correct the filtering. December 2017 Troubleshooting ERS 3500 Series...

  • Page 70: Reload Adac Mac In Range Table

    Ensure the ADAC MAC address is properly loaded in the range table. Task flow Reload ADAC MAC in range table The following task flow assists you to place the ADAC MAC address in the range table. December 2017 Troubleshooting ERS 3500 Series...

  • Page 71: Reduce Lldp Devices

    Reduce the number of LLDP devices. More than 16 devices may cause detection issues. Task flow Reduce LLDP devices The following task flow assists you to reduce the number of LLDP devices on the system. December 2017 Troubleshooting ERS 3500 Series...

  • Page 72: Auto Configuration Is Not Applied

    Auto configuration is not applied Correct some common issues that may interfere with auto configuration of devices. Task flow Auto configuration is not applied The following task flow assists you to solve auto configuration issues. December 2017 Troubleshooting ERS 3500 Series...

  • Page 73: Correct Auto Configuration

    Tagged frames mode may be causing a problem. In tagged frames mode, everything is configured correctly, but auto configuration is not applied on a telephony port. Task flow Correct auto configuration The following task flow assists you to correct auto configuration. December 2017 Troubleshooting ERS 3500 Series...
  • Page 74 Configuring another call server and uplink port can assist the auto configuration. 1. Use the adac uplink-port <port> command to assign the uplink port. 2. Use the adac call-server-port <port> command to assign the call server port. December 2017 Troubleshooting ERS 3500 Series...

  • Page 75: Chapter 12: Troubleshooting Authentication

    Authentication issues can interfere with device operation and function. The following work flow shows common authentication problems. Work flow Troubleshooting authentication The following work flow shows typical authentication problems. These work flows are not dependant upon each other. Figure 31: Troubleshooting authentication December 2017 Troubleshooting ERS 3500 Series...

  • Page 76: Troubleshooting Fail Open Vlan Continuity Mode

    This section provides troubleshooting guidelines for the EAP and non-EAP features. Work flow EAP client is not authenticating The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected. December 2017 Troubleshooting ERS 3500 Series...

  • Page 77: Restore Radius Connection

    EAP client authentication Figure 32: EAP client is not authenticating Restore RADIUS connection Ensure that the RADIUS server has connectivity to the device. December 2017 Troubleshooting ERS 3500 Series...
  • Page 78 Review the RADIUS server settings in the device. The default server port is 1812/UDP. Older servers may use 1645/UDP, and other older servers do not support UDP at all. 1. Use the show radius-server command to view the RADIUS server settings. December 2017 Troubleshooting ERS 3500 Series...

  • Page 79: Enable Eap On The Pc

    The PC must have an EAP-enabled device that is correctly configured. Task flow Enable EAP on the PC The following task flow assists you to ensure the PC network card has EAP enabled. Figure 34: Enable EAP on the PC December 2017 Troubleshooting ERS 3500 Series...

  • Page 80: Apply The Method

    1. Obtain network information for the RADIUS Server from Planning and Engineering. 2. Save the information for later reference. Enable EAP globally Task flow Enable EAP globally The following task flow assists you to enable EAP globally. December 2017 Troubleshooting ERS 3500 Series...
  • Page 81 Setting EAPOL port administrative status to auto Set the EAPOL port administrative status to auto. 1. Use the eapol status auto command to change the port status to auto. 2. Ensure that there are no errors after the command execution. December 2017 Troubleshooting ERS 3500 Series...

  • Page 82: Eap Multihost Repeated Re-Authentication Issue

    EAP users that may soon enter to halt soliciting EAP users with multicast requests. Identifying number of users at allowed max Obtain the exact number of EAP users that may soon enter when the number of authenticated users reaches the allowed max. December 2017 Troubleshooting ERS 3500 Series...

  • Page 83: Set Eapol Request Packet

    2. Ensure that there are no errors after execution. Set EAPOL request packet Change the request packet generation to unicast. Task flow Set EAPOL request packet The following task flow assists you to set the EAPOL request packet to unicast. December 2017 Troubleshooting ERS 3500 Series...

  • Page 84: Eap Radius Vlan Is Not Being Applied

    Ensure that the RADIUS VLAN is applied correctly to support EAP. Work flow EAP RADIUS VLAN is not being applied The following work flow assists you to determine the cause and solution of the RADIUS VLAN not being applied. December 2017 Troubleshooting ERS 3500 Series...

  • Page 85: Configure Vlan At Radius

    Configure VLAN at RADIUS Correct any discrepancies in VLAN information at the RADIUS server. Task flow Configure VLAN at RADIUS The following task flow assists you to ensure the VLAN is configured at the RADIUS server. December 2017 Troubleshooting ERS 3500 Series...
  • Page 86 There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUSassigned VLANs. These attributes are the same for all RADIUS vendors: • Tunnel-Medium-Type – 802 • Tunnel-Pvt-Group-ID – <VLAN ID> December 2017 Troubleshooting ERS 3500 Series...

  • Page 87: Configure Switch

    • Tunnel-Type – Virtual LANs (VLAN) Configure switch The VLAN must be configured correctly on the switch. Task flow Configure switch The following task flow assists you to configure the VLAN on the device. Figure 42: Configure switch task December 2017 Troubleshooting ERS 3500 Series...

  • Page 88: Configured Mac Is Not Authenticating

    Correct a MAC to allow authentication. Work flow Configured MAC is not authenticating The following work flow assists you to determine the cause and solution of a configured MAC that does not authenticate as expected. December 2017 Troubleshooting ERS 3500 Series...

  • Page 89: Configure The Switch

    Configure the switch to ensure the correct settings are applied to ensure the MAC is authenticating. Task flow Configure the switch The following task flow assists you to ensure the MAC is authenticating on the switch. December 2017 Troubleshooting ERS 3500 Series...
  • Page 90 Troubleshooting authentication December 2017 Troubleshooting ERS 3500 Series...
  • Page 91 2. Use the eapol status auto command to change port status to auto. Showing EAPOL multihost Display the EAPOL multihost information. 1. Enter the show eapol multihost command to display the information. 2. Ensure that Allow Non-EAPOL clients is enabled. December 2017 Troubleshooting ERS 3500 Series...

  • Page 92: Non-Eap Radius Mac Not Authenticating

    1. Use the show eapol multihost non-eap-mac status command to view MAC addresses. 2. Use the eapol multihost non-eap-mac <H.H.H> <port> command to add a MAC address to the list. Non-EAP RADIUS MAC not authenticating Correct a non-EAP RADIUS MAC that is not authenticating. December 2017 Troubleshooting ERS 3500 Series...

  • Page 93: Configure Switch

    Figure 45: Non-EAP RADIUS MAC not authenticating Configure switch Correct the switch configuration to correct the issue with RADIUS MAC. Task flow Configure switch The following task flow assists you to configure the switch to correct the RADIUS MAC issue. December 2017 Troubleshooting ERS 3500 Series...
  • Page 94 2. Use the eapol status auto command to change port status to auto. Displaying EAPOL multihost Review the EAPOL multihost information. 1. Enter the show eapol port multihost command to display the information. 2. Note the following: • Use RADIUS To Authenticate NonEAPOL Clients is enabled December 2017 Troubleshooting ERS 3500 Series...

  • Page 95: Radius Server Configuration Error

    The RADIUS server requires that the correct MAC address and password for the switch is configured. Task flow RADIUS server configuration error The following task flow assists you to configure the RADIUS server with the correct MAC and password. December 2017 Troubleshooting ERS 3500 Series...

  • Page 96: Non-Eap Mhsa Mac Is Not Authenticating

    Non-EAP MHSA MAC is not authenticating Ensure that the switch is configured correctly. Work flow Non-EAP MHSA MAC is not authenticating The following work flow assists you to determine the solution for an MHSA MAC that is not authenticating. December 2017 Troubleshooting ERS 3500 Series...

  • Page 97: Configure Switch

    Non-EAP MHSA MAC is not authenticating Figure 48: Non-EAP MHSA MAC is not authenticating Configure switch Configure the switch to enable MHSA. Task flow Configure switch The following task flow assists you to enable MHSA on the switch. December 2017 Troubleshooting ERS 3500 Series...
  • Page 98 Use RADIUS To Authenticate NonEAPOL Clients is enabled Formatting non-EAPOL RADIUS password attribute Make the required changes on the RADIUS server to the password format. Use vendor documentation to make required changes on RADIUS server to change the format to IpAddr.MACAddr.PortNumber. December 2017 Troubleshooting ERS 3500 Series...

  • Page 99: Eap-Non-Eap Unexpected Port Shutdown

    Identify the reason for the port shutdown and make configuration changes to avoid future problems. Work flow EAP–non-EAP unexpected port shutdown The following work flow assists you to determine the solution for EAP–non-EAP ports experiencing a shutdown. December 2017 Troubleshooting ERS 3500 Series...

  • Page 100: Configure Switch

    Figure 50: EAP — non-EAP unexpected port shutdown Configure switch Configure ports to allow more unauthorized clients. Task flow Configure switch The following task flow assists you to allow an increased number of unauthorized clients on the ports. December 2017 Troubleshooting ERS 3500 Series...
  • Page 101 1. Use the show mac-address-table command to show the clients on the port. 2. Observe the log output and note any anomalies. Showing EAPOL port information Display EAPOL port information for additional information. 1. Use the show eapol port <port#> command to display the port information. December 2017 Troubleshooting ERS 3500 Series...
  • Page 102 This section provides troubleshooting guidelines for changing the EAP settings. It assists in the cleanup of old MAC addresses. 1. Use the eapol status autocommand to change to eap-auto. 2. In the Interface Configuration Mode, use the shut/no shut commands. December 2017 Troubleshooting ERS 3500 Series...

Table of Contents