C-12
Troubleshooting
Unusual Network Activity
The authorized MAC address on a port that is configured for both
802.1x and port security either changes or is re-acquired after
execution of
aaa port-access authenticator <
port-lis
t > initialize
.
If the port is
force-authorized with
aaa port-access authenticator <port-list> control authorized
command and port security is enabled on the port, then executing
initialize
causes the port to clear the learned address and learn a new address from the
first packet it receives after you execute
initialize
.
A trunked port configured for 802.1x is blocked.
If you are using
RADIUS authentication and the RADIUS server specifies a VLAN for the port,
the switch allows authentication, but blocks the port. To eliminate this prob-
lem, either remove the port from the trunk or reconfigure the RADIUS server
to avoid specifying a VLAN.
Radius-Related Problems
The switch does not receive a response to RADIUS authentication
requests.
In this case, the switch will attempt authentication using the
secondary method configured for the type of acces you are using (console,
Telnet, or SSH).
There can be several reasons for not receiving a response to an authentication
request. Do the following:
■
Use
ping
to ensure that the switch has access to the configured RADIUS
server.
■
Verify that the switch is using the correct encryption key for the desig-
nated server.
■
Verify that the switch has the correct IP address for the RADIUS server.
■
Ensure that the
radius-server timeout
period is long enough for network
conditions.
■
Verify that the switch is using the same UDP port number as the server.
RADIUS server fails to respond to a request for service, even though
the server’s IP address is correctly configured in the switch.
Use
show radius
to verify that the encryption key the switch is using is correct for
the server being contacted. If the switch has only a global key configured, then
it either must match the server key or you must configure a server-specific
key. If the switch already has a server-specific key assigned to the server’s IP
address, then it overrides the global key and must match the server key.
Summary of Contents for ProCurve 4104GL
Page 2: ......
Page 26: ...xxiv Getting Started Need Only a Quick Start ...
Page 34: ...1 8 Selecting a Management Interface Advantages of Using HP TopTools for Hubs Switches ...
Page 50: ...2 16 Using the Menu Interface Where To Go From Here ...
Page 172: ...8 24 Time Protocols SNTP Messages in the Event Log ...
Page 240: ...10 30 Configuring for Network Management Applications CDP ...
Page 288: ...11 48 Port Based Virtual LANs VLANs and GVRP GVRP ...
Page 480: ...C 38 Troubleshooting Restoring a Flash Image ...
Page 486: ...D 6 MAC Address Management Determining MAC Addresses ...
Page 490: ......
Page 502: ...12 Index ...
Page 503: ......