Avaya ERS 2500 Series Troubleshooting Manual
  1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Switch
  5. ERS 2500
  6. Troubleshooting manual
Avaya ERS 2500 Series Troubleshooting Manual

Avaya ERS 2500 Series Troubleshooting Manual

Hide thumbs Also See for ERS 2500 Series:
Table of Contents

Advertisement

Quick Links

Download this manual
Troubleshooting
Avaya Ethernet Routing Switch 2500
Series
4.1
NN47215-700, 01.02
November 2010

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ERS 2500 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Avaya ERS 2500 Series

Summary of Contents for Avaya ERS 2500 Series

  • Page 1 Troubleshooting Avaya Ethernet Routing Switch 2500 Series NN47215-700, 01.02 November 2010...
  • Page 2 Avaya or the applicable third party. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

  • Page 3: Table Of Contents

    Port mirroring..............................13 Port mirroring limitations.........................13 Port mirroring commands........................14 Port statistics..............................14 System logs..............................14 Auto Unit Replacement (AUR)........................14 Avaya knowledge and solution engine......................15 Chapter 5: General diagnostic tools..................17 ACLI command modes............................17 Chapter 6: Initial troubleshooting..................19 Gather information............................19 Chapter 7: Emergency recovery trees...................21 Emergency recovery trees..........................21...
  • Page 4 Chapter 10: Troubleshooting authentication................55 EAP client authentication..........................56 Restore RADIUS connection........................58 Enable EAP on the PC...........................60 Apply the method............................61 Enable EAP globally..........................62 EAP multihost repeated re-authentication issue.....................64 Match EAP-MAC-MAX to EAP users.....................65 Set EAPOL request packet........................67 EAP RADIUS VLAN is not being applied......................68 Configure VLAN at RADIUS........................69 Configure switch.............................71 Configured MAC is not authenticating......................74...

  • Page 5: Chapter 1: New In This Release

    NN47215-700 for Release 4.3. Stacking The ERS 2500 Series software release v4.3 has the capability to stack up to eight units in a stack. Stacking functionality is available through two methods. First, by purchasing a stack enabled device. These devices have the rear ports set to stacking mode as default in the factory.

  • Page 6: Stacking Functionality And Rear Ports

    Figure 2: ERS 2500 rear ports Each ERS 2500 Series device ships with a 46 cm (1.5 ft) stacking cable. The stacking cable is a black Cat5E cable. Spare stacking cables are available on the price list for additional purchase.

  • Page 7: Power Over Ethernet (Poe) Limitations

    Power over Ethernet (POE) limitations Under JDM, the rear ports are be grayed out and not selectable in the switch view if the ports are in stacking mode. Figure 3: ERS 2500 JDM display Power over Ethernet (POE) limitations The status for the PoE port can appear incorrectly as InvalidPD rather than detecting. This occurs if the PD detect type on an ERS 2500-PWR is set to 802.3af and legacy while a PoE port on the switch is connected to a non-PoE device.
  • Page 8 New in this release Troubleshooting November 2010...

  • Page 9: Chapter 2: Introduction

    (DM). • Guides you through some common problems to achieve a first tier solution to these situations • Advises you what information to compile prior to troubleshooting or calling Avaya for help. This documents assumes that you: • Have basic knowledge of networks, ethernet bridging, and IP routing.
  • Page 10 Introduction Troubleshooting November 2010...

  • Page 11: Chapter 3: Troubleshooting Planning

    There are things you can do to minimize the need for troubleshooting and to plan for doing it as effectively as possible. First, use the Avaya Ethernet Routing Switch 2500 Series Documentation Roadmap to familiarize yourself with the documentation set, so you know where to get information when you need it.
  • Page 12 Troubleshooting planning Fourth, understand the normal network behavior so you can be more effective at troubleshooting problems. • Monitor your network over a period of time sufficient to allow you to obtain statistics and data to see patterns in the traffic flow, such as which devices are typically accessed or when peak usage times occur.

  • Page 13: Chapter 4: Troubleshooting Fundamentals

    This section describes available troubleshooting tools and their applications. Port mirroring Avaya Ethernet Routing Switch 2500 Series switches have a port mirroring feature that helps you to monitor and analyze network traffic. The port mirroring feature supports both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When port mirroring is enabled, the ingress or egress packets of the mirrored (source) port are forwarded normally and a copy of the packets is sent from the mirrored port to the mirroring (destination) port.

  • Page 14: Port Mirroring Commands

    Ethernet Routing Switch 2500 Series device running in a network accessible to the workstation. For more information about system logging, see Avaya Ethernet Routing Switch 2500 Series Configuration — System Monitoring (NN47215-502).

  • Page 15: Avaya Knowledge And Solution Engine

    However, the configuration of the previous unit is not replicated in the new unit. AUR can be enabled or disabled from ACLI and DM. By default, AUR is enabled. For more information about AUR, see Avaya Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500).
  • Page 16 Troubleshooting fundamentals Troubleshooting November 2010...

  • Page 17: Chapter 5: General Diagnostic Tools

    Chapter 5: General diagnostic tools The Avaya Ethernet Routing Switch 2500 Series device has diagnostic features available through DM and ACLI. You can use these diagnostic tools to help you troubleshoot operational and configuration issues. You can configure and display files, view and monitor port statistics, trace a route, run loopback and ping tests, test the switch fabric, and view the address resolution table.
  • Page 18 It is possible to move between command modes on a limited basis. This is explained in the Common Procedures section of this document. You can move between command modes on a limited basis. For more information about the ACLI command modes, see Avaya Ethernet Routing Switch 2500 Series Fundamentals, NN47215-102. Troubleshooting...

  • Page 19: Chapter 6: Initial Troubleshooting

    As part of your initial troubleshooting, Avaya recommends that you check the Knowledge and Solution Engine on the Avaya Web site for known issues and solutions related to the problem you are experiencing. Gather information Before contacting Avaya Technical Support, you must gather information that can help the Technical Support personnel.
  • Page 20 Initial troubleshooting - show tech - show running-config - show port-statistics <port> Troubleshooting November 2010...

  • Page 21: Chapter 7: Emergency Recovery Trees

    Chapter 7: Emergency recovery trees Emergency Recovery Trees (ERT) provide a quick reference for troubleshooting without procedural detail. They are meant to quickly assist you to find a solution for common failures. Emergency recovery trees The following work flow shows the ERTs included in this section. Each ERT describes steps to correct a specific issue;...

  • Page 22: Incorrect Pvid

    Emergency recovery trees Initializing of the flash is one way to clear a corrupted configuration file and is required before a Return Merchandise Authorization (RMA). Corruption of flash recovery tree Figure 5: Corruption of flash Incorrect PVID An issue can occur where clients cannot communicate to critical servers when their ports are put in wrong VLAN.

  • Page 23: Uplink Ports Not Tagged To Vlan

    Uplink ports not tagged to VLAN When an ERS 2500 series switch is connected to an ERS 8600 series switch and devices in a VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 2500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 2500 series switch.
  • Page 24 Emergency recovery trees Uplink ports not tagged to VLAN recovery tree Figure 7: Uplink ports not tagged to VLAN Troubleshooting November 2010...

  • Page 25: Snmp

    SNMP SNMP SNMP failure may be the result of an incorrect configuration of the management station or its setup. If you can reach a device but no traps are received, verify the trap configurations (the trap destination address and the traps configured to be sent). SNMP recovery tree Figure 8: SNMP Troubleshooting...

  • Page 26: Stack

    Emergency recovery trees Stack Stack failure can be the result of a communication error between the individual units due to configuration or cabling. Failures can also arise when there are multiple bases configured. Troubleshooting November 2010...
  • Page 27 Stack Stack Recovery Tree Figure 9: Stack Troubleshooting November 2010...
  • Page 28 Emergency recovery trees Troubleshooting November 2010...

  • Page 29: Chapter 8: Troubleshooting Hardware

    Chapter 8: Troubleshooting hardware Use this section for hardware troubleshooting specific to the Ethernet Routing Switch 2500 Series. Work flow: Troubleshooting hardware The following work flow assists you to determine the solution for some common hardware problems. Troubleshooting November 2010...
  • Page 30 Troubleshooting hardware Figure 10: Troubleshooting hardware Navigation • Check power on page 31 • Check cables on page 33 • Check port on page 34 • Check fiber port on page 36 • Replace unit on page 38 Troubleshooting November 2010...

  • Page 31: Check Power

    Check power Check power Confirm power is being delivered to the device. Task flow: Check power The following task flow assists you to confirm that the Ethernet Routing Switch 2500 Series device is powered correctly. Figure 11: Check power Navigation •...
  • Page 32 Know the current version of your software before reloading it. Loading incorrect software versions may cause further complications. 1. Use the show sys-info command to view the software version. 2. See Avaya Ethernet Routing Switch 2500 Series Release 4.3 Release Notes (NN47215-400) for information about software installation. Troubleshooting...

  • Page 33: Check Cables

    Check cables Returning unit for repair Return unit to Avaya for repair. Contact Avaya for return instructions and RMA information. Check cables Confirm the stacking cables are correctly connected. Task flow: Check cables The following task flow assists you to confirm the stacking cables on the Ethernet Routing Switch 2500 Series device are installed correctly.

  • Page 34: Check Port

    Ensure the cables use RJ45 connectors. The 2500 Series software Release v4.3 supports the use of both straight and crossover Cat5e cabling. Reviewing configuration documentation Review the stacking procedures in Avaya Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500). Figure 13: Stack configuration 1.
  • Page 35 Check port Figure 14: Check port Navigation • Viewing port information on page 35 • Enabling the port on page 36 • Confirming the cables are working on page 36 • Confirming the cables are working on page 36 Viewing port information Review the port information to ensure that the port is enabled.

  • Page 36: Check Fiber Port

    Troubleshooting hardware Enabling the port Enable the port. 1. Go to interface specific mode using the interface fastethernet <port> command. 2. Use the no shutdown command to change the port configuration. 3. Use the show interfaces <port> command to display the port. 4.
  • Page 37 Check fiber port Figure 15: Check fiber port Navigation • Viewing fiber port information on page 37 • Enabling the port on page 38 • Confirming cables are working on page 38 • Returning unit for repair on page 38 Viewing fiber port information Review the port information to ensure the port is enabled.

  • Page 38: Replace Unit

    Caution: Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Avaya Ethernet Routing Switch 2500 Series — Regulatory Information (NN47215-100). Troubleshooting...
  • Page 39 AUR is not designed for the situation of removing and reinserting the same switch (with the same MAC address). For detailed information about AUR, see Avaya Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500). Task flow: Replace a unit in a stack The following task flow assists you to replace one of the 2500 Series devices in a stack.
  • Page 40 Troubleshooting hardware Figure 16: Replace unit Navigation • Removing failed unit on page 40 • Verifying software version is correct on new device on page 41 • Obtaining the correct software version on page 41 • Placing a new unit on page 41 •...
  • Page 41 Ensure you have adequate backup of your configuration prior to reloading software. Know the Release number of your software before loading it. Loading incorrect software versions may cause further complications. See Avaya Ethernet Routing Switch 2500 Series Release 4.3 Release Notes (NN47215-400) for software installation. Placing a new unit Place the new unit in the stack where the failed unit was connected.
  • Page 42 Troubleshooting hardware 1. Review the stacking section in Avaya Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for cabling details. 2. Connect the cables in accordance with physical stack requirements. Powering on the unit Energize the unit after it is connected and ready to integrate.

  • Page 43: Chapter 9: Troubleshooting Adac

    Chapter 9: Troubleshooting ADAC Automatic Detection and Automatic Configuration (ADAC) can encounter detection and configuration errors that can be easily corrected. ADAC clarifications ADAC VLAN settings are dynamic and are not saved to nonvolatile memory. When ADAC is enabled, all VLAN settings that you manually made on ADAC uplink or telephony ports are dynamic and are not saved to non-volatile memory.

  • Page 44: Ip Phone Is Not Detected

    Troubleshooting ADAC IP phone is not detected Correct an IP phone that is not being detected by ADAC. Work flow: IP phone not detected The following work flow assists you to resolve detection issues. Figure 18: IP phone not detected Navigation •...
  • Page 45 IP phone is not detected Task flow: Correct filtering The following task flow assists you to correct the filtering. Figure 19: Correct filtering Navigation • Confirming port belongs to at least one VLAN on page 45 • Disabling the VLAN filtering of unregistered frames on page 45 Confirming port belongs to at least one VLAN View information to ensure that the port belongs to a VLAN.

  • Page 46: Reload Adac Mac In Range Table

    Troubleshooting ADAC 1. Use the vlan ports <port> filter-unregistered-frames enable command to view the details. 2. Ensure no errors after command execution. Reload ADAC MAC in range table Ensure the ADAC MAC address is properly loaded in the range table. Task flow: Reload ADAC MAC in range table The following task flow assists you to place the ADAC MAC address in the range table.

  • Page 47: Reduce Lldp Devices

    IP phone is not detected 1. Follow local procedures to disconnect the phone. 2. Follow local procedures to reconnect the phone. Disabling and enabling the port Disable ADAC on the port and then enable it to detect the phone. When disable and re- enable the port administratively, the MAC addresses already learned on the respective port are aged out.
  • Page 48 Troubleshooting ADAC Figure 21: Reduce LLDP devices Navigation • Viewing LLDP information on page 48 • Reducing LLDP enabled devices on page 48 Viewing LLDP information Display the LLDP devices that are connected to a port. 1. Use the show lldp port 1 neighbor command to identify the LLDP devices. 2.

  • Page 49: Auto Configuration Is Not Applied

    Auto configuration is not applied 1. Follow local procedures and SOPs to reduce the number of devices connected. 2. Use the show adac in <port> command to display the ADAC information for the port to ensure there are less than 16 devices connected. Auto configuration is not applied Correct some common issues that may interfere with auto configuration of devices.

  • Page 50: Correct Auto Configuration

    Troubleshooting ADAC Correct auto configuration Tagged frames mode may be causing a problem. In tagged frames mode, everything is configured correctly, but auto configuration is not applied on a telephony port. Task flow: Correct auto configuration The following task flow assists you to correct auto configuration. Troubleshooting November 2010...
  • Page 51 Auto configuration is not applied Figure 23: Correct auto configuration Navigation • Viewing ADAC global status on page 51 • Configuring another call server and uplink port on page 52 • Replacing Unit on page 52 Viewing ADAC global status Display the global status of ADAC.

  • Page 52: Check The Status And Number Of Devices

    Replacing Unit Replace unit to replicate configuration if AUR is enabled. 1. Follow the replacement guidelines in Avaya Ethernet Routing Switch 2500 Series — System Configuration (NN47215-500). 2. Refer to the unit replacement section in the Troubleshooting Hardware section of this document.
  • Page 53 Auto configuration is not applied Figure 24: Check status and number of devices Navigation • Viewing ADAC port status on page 53 • Reducing the number of devices on page 54 • Disabling and enabling the port on page 54 Viewing ADAC port status Display the status of ADAC on the port.
  • Page 54 Troubleshooting ADAC 1. Use the show adac in <port> command to display the ADAC information for the port. 2. Note if the oper state is disabled and the number of devices connected. Reducing the number of devices Reduce the number of LLDP devices on the system. 1.

  • Page 55: Chapter 10: Troubleshooting Authentication

    Chapter 10: Troubleshooting authentication Authentication issues can interfere with device operation and function. The following work flow shows common authentication problems. Work flow: Troubleshooting authentication The following work flow shows typical authentication problems. These work flows are not dependant upon each other. Figure 25: Troubleshooting authentication Navigation •...

  • Page 56: Eap Client Authentication

    Troubleshooting authentication • Non-EAP MHSA MAC is not authenticating on page 83 • EAP–non-EAP unexpected port shutdown on page 87 EAP client authentication This section provides troubleshooting guidelines for the EAP and non-EAP features on the Ethernet Routing Switch 2500 Series devices. Work flow: EAP client is not authenticating The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected.
  • Page 57 EAP client authentication Figure 26: EAP client is not authenticating Navigation • Restore RADIUS connection on page 58 • Enable EAP on the PC on page 60 • Apply the method on page 61 • Enable EAP globally on page 62 Troubleshooting November 2010...

  • Page 58: Restore Radius Connection

    Troubleshooting authentication Restore RADIUS connection Ensure that the RADIUS server has connectivity to the device. Task flow: Restore RADIUS connection The following task flow assists you to restore the connection to the RADIUS server. Figure 27: Restore RADIUS connection Navigation •...
  • Page 59 EAP client authentication Getting correct RADIUS server settings for the switch This section provides troubleshooting guidelines for obtaining the RADIUS server settings. 1. Obtain network information for the RADIUS server from the Planning and Engineering documentation. 2. Follow vendor documentation to set the RADIUS authentication method MD5. Viewing RADIUS information Review the RADIUS server settings in the device.

  • Page 60: Enable Eap On The Pc

    Troubleshooting authentication 1. Use the ping <server IP> command to ensure connection. 2. Observe no packet loss to confirm connection. Enable EAP on the PC The PC must have an EAP-enabled device that is correctly configured. Task flow: Enable EAP on the PC The following task flow assists you to ensure the PC network card has EAP enabled.

  • Page 61: Apply The Method

    EAP client authentication 1. See vendor documentation for the PC and network card. 2. Ensure the network card is enabled. 3. Ensure the card is configured to support EAP. Apply the method Ensure you apply the correct EAP method. Task flow: Apply the method The following task flow assists you to apply the correct EAP method.

  • Page 62: Enable Eap Globally

    Troubleshooting authentication 1. Obtain network information for the RADIUS Server from Planning and Engineering. 2. Save the information for later reference. Enable EAP globally Enable EAP globally on the 2500 Series device. Task flow: Enable EAP globally The following task flow assists you to enable EAP globally on the 2500 Series device. Troubleshooting November 2010...
  • Page 63 EAP client authentication Figure 30: Enable EAP globally Navigation • Enabling EAP globally on page 63 • Viewing EAPOL settings on page 64 • Setting EAPOL port administrative status to auto on page 64 Enabling EAP globally Enable EAP globally on the Ethernet Routing Switch 2500 Series device. 1.

  • Page 64: Eap Multihost Repeated Re-Authentication Issue

    Troubleshooting authentication Viewing EAPOL settings Review the EAPOL settings to ensure EAP is enabled. 1. Use the show eapol port <port#> command to display the information. 2. Observe the output. Setting EAPOL port administrative status to auto Set the EAPOL port administrative status to auto. 1.

  • Page 65: Match Eap-Mac-Max To Eap Users

    EAP multihost repeated re-authentication issue Figure 31: EAP multihost repeated re-authentication issue Navigation • Match EAP-MAC-MAX to EAP users on page 65 • Set EAPOL request packet on page 67 Match EAP-MAC-MAX to EAP users When the number of authenticated users reaches the allowed maximum, lower the eap-mac- max to the exact number of EAP users that may soon enter to halt soliciting EAP users with multicast requests.
  • Page 66 Troubleshooting authentication Figure 32: Match EAP-MAC-MAX to EAP users Navigation • Identifying number of users at allowed max on page 66 • Lowering EAP max MAC on page 66 Identifying number of users at allowed max Obtain the exact number of EAP users that may soon enter when the number of authenticated users reaches the allowed max.

  • Page 67: Set Eapol Request Packet

    EAP multihost repeated re-authentication issue 1. Use the eapol multihost eap-mac-max command to set the mac-max value. 2. Ensure that there are no errors after execution. Set EAPOL request packet Change the request packet generation to unicast. Task flow: Set EAPOL request packet The following task flow assists you to set the EAPOL request packet to unicast.

  • Page 68: Eap Radius Vlan Is Not Being Applied

    Troubleshooting authentication 1. Use the eapol multihost eap-packet-mode unicast command to set the EAPOL request packet to unicast. 2. Ensure that there are no errors after execution. Setting EAPOL request packet for a port Change the EAPOL request packet from multicast to unicast for a specific port. 1.

  • Page 69: Configure Vlan At Radius

    EAP RADIUS VLAN is not being applied Figure 34: EAP Radius VLAN is not being applied Navigation • Configure VLAN at RADIUS on page 69 • Configure switch on page 71 Configure VLAN at RADIUS Correct any discrepancies in VLAN information at the RADIUS server. Task flow: Configure VLAN at RADIUS The following task flow assists you to ensure the VLAN is configured at the RADIUS server.
  • Page 70 Troubleshooting authentication Figure 35: Configure VLAN at RADIUS Navigation • Getting correct RADIUS server settings on page 70 • Viewing RADIUS information on page 70 • Configuring RADIUS on page 71 Getting correct RADIUS server settings This section provides troubleshooting guidelines to obtain the correct RADIUS server settings. 1.

  • Page 71: Configure Switch

    EAP RADIUS VLAN is not being applied Configuring RADIUS Configure the RADIUS server with the correct VLAN information. Use vendor documentation to make the required changes. There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUS- assigned VLANs.
  • Page 72 Troubleshooting authentication Figure 36: Configure switch task Navigation • Showing EAPOL multihost on page 72 • Enabling use of RADIUS assigned VLANs on page 73 • Showing EAPOL multihost interface on page 73 • Showing VLAN config control on page 73 •...
  • Page 73 EAP RADIUS VLAN is not being applied 1. Use the show eapol multihost command to display the multihost information. 2. Note the state of Allow Use of RADIUS Assigned VLANs. Enabling use of RADIUS assigned VLANs Change the "allow RADIUS assigned VLAN" to "enable". 1.

  • Page 74: Configured Mac Is Not Authenticating

    Troubleshooting authentication 1. Use the vlan config control flexible command to set the VLAN config control to flexible. 2. Ensure that there are no errors after execution. Showing spanning tree View the VLANs added to the desired STG. If the RADIUS assigned VLAN and the original VLAN are in the same STG, the EAP enabled port is moved to RADIUS assigned VLAN after EAP authentication succeeds.

  • Page 75: Configure The Switch

    Configured MAC is not authenticating Figure 37: Configured MAC is not authenticating Navigation Configure the switch on page 75 Configure the switch Configure the switch to ensure the correct settings are applied to ensure the MAC is authenticating. Task flow: Configure the switch The following task flow assists you to ensure the MAC is authenticating on the 2500 Series device.
  • Page 76 Troubleshooting authentication Figure 38: Configure the switch Navigation • Showing EAPOL port on page 76 • Setting global EAP enabled and port at eap-auto on page 77 • Showing EAPOL multihost on page 77 • Enabling allow non-EAPOL clients on page 77 •...
  • Page 77 Configured MAC is not authenticating 1. Use the show eapol port <port> command to display the port information. 2. Ensure that EAP is enabled globally, and that the port EAP status is set to auto. Setting global EAP enabled and port at eap-auto Make corrections to ensure that EAP is enabled globally, and that the port EAP status is set to auto.
  • Page 78 Troubleshooting authentication 1. Enter the show eapol multihost interface <port#> command to display the information. 2. Ensure that Allow Non-EAPOL clients is enabled. 3. Ensure that the Multihost status is enabled. Enabling multihost status and allow non-EAPOL clients Correct the non-EAP client attribute. 1.

  • Page 79: Non-Eap Radius Mac Not Authenticating

    Non-EAP RADIUS MAC not authenticating Non-EAP RADIUS MAC not authenticating Correct a non-EAP RADIUS MAC that is not authenticating. Work flow: Non-EAP RADIUS MAC not authenticating The following work flow assists you to determine the cause of and solution for a RADIUS MAC that does not authenticate.
  • Page 80 Troubleshooting authentication Task flow: Configure switch The following task flow assists you to configure the 2500 Series device to correct the RADIUS MAC issue. Figure 40: Configure switch Navigation • Displaying EAPOL port on page 80 • Setting global eap enabled and port at eap-auto on page 81 •...
  • Page 81 Non-EAP RADIUS MAC not authenticating 1. Enter the show eapol port <port#> command to display the information. 2. Ensure that global EAP is enabled and port is eap-auto. Setting global eap enabled and port at eap-auto Make required changes to enable EAP globally and to set the port status to auto. 1.

  • Page 82: Radius Server Configuration Error

    Troubleshooting authentication Displaying EAPOL multihost interface Review the EAPOL multihost information. 1. Enter the show eapol multihost interface <port#> command to display the information. 2. Verify the following: Use RADIUS To Authenticate Non EAP MACs is enabled Enabling RADIUS To Auth non-EAP MACs Make the required changes on the RADIUS server to authenticate non-EAP clients.

  • Page 83: Non-Eap Mhsa Mac Is Not Authenticating

    Non-EAP MHSA MAC is not authenticating Figure 41: RADIUS server configuration error Navigation Configuring MAC and password on RADIUS server on page 83 Configuring MAC and password on RADIUS server The RADIUS server requires that the MAC address and password for the 2500 Series device be correct.

  • Page 84: Configure Switch

    Troubleshooting authentication Figure 42: Non-EAP MHSA MAC is not authenticating Navigation Configure switch on page 84 Configure switch Configure the switch to enable MHSA. Task flow: Configure switch The following task flow assists you to enable MHSA on the 2500 Series device. Troubleshooting November 2010...
  • Page 85 Non-EAP MHSA MAC is not authenticating Figure 43: Configure switch Navigation • Showing EAPOL port on page 85 • Setting global EAP enabled and port at eap-auto on page 86 • Showing EAPOL multihost on page 86 • Formatting non-EAPOL RADIUS password attribute on page 86 •...
  • Page 86 Troubleshooting authentication 1. Enter the show eapol port <port#> command to display the information. 2. Ensure that global EAP is enabled and that the port status is eap-auto. Setting global EAP enabled and port at eap-auto Make the required changes to ensure that EAP is enabled globally and that the port status is set to auto.

  • Page 87: Eap-Non-Eap Unexpected Port Shutdown

    EAP–non-EAP unexpected port shutdown Showing EAPOL multihost interface Review the EAPOL multihost information. 1. Enter the show eapol multihost interface <port#> command to display the information. 2. Note the following: Allow Auto Non-EAP MHSA: Enabled Enabling RADIUS to auth non-EAP MACs Make the required changes on the RADIUS server to authenticate non-EAP clients Apply changes to RADIUS server using vendor documentation.

  • Page 88: Configure Switch

    Troubleshooting authentication Figure 44: EAP–non-EAP unexpected port shutdown Navigation Configure switch on page 88 Configure switch Configure ports to allow more unauthorized clients. Task flow: Configure switch The following task flow assists you to allow an increased number of unauthorized clients on the ports.
  • Page 89 EAP–non-EAP unexpected port shutdown Figure 45: Configure switch Navigation • Showing Logs on page 89 • Showing EAP–non-EAP clients on port on page 90 • Showing EAPOL port information on page 90 • Making changes on page 90 Showing Logs Display log information to provide additional information.
  • Page 90 Troubleshooting authentication Showing EAP–non-EAP clients on port Display EAP–non-EAP client information on the port to provide additional information. 1. Use the show mac-address-table command to show the clients on the port. 2. Observe the log output and note any anomalies. Showing EAPOL port information Display EAPOL port information for additional information.

This manual is also suitable for:

Al2515001Al2515002Al2515003Al2515004

Table of Contents