Manualshelf

Management and Configuration Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
371372373374375376377378379380
There can be several reasons for not receiving a response to an authentication request. Do the
following:
Use ping to ensure that the switch has access to the configured RADIUS servers.
Verify that the switch is using the correct encryption key (RADIUS secret key) for each server.
Verify that the switch has the correct IP address for each RADIUS server.
Ensure that the radius-server timeout period is long enough for network conditions.
The switch does not authenticate a client even though the RADIUS server is properly configured
and providing a response to the authentication request
If the RADIUS server configuration for authenticating the client includes a VLAN assignment, ensure
that the VLAN exists as a static VLAN on the switch.
During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client
sessions is lost
If the affected VLAN is configured as untagged on the port, it may be temporarily blocked on that
port during an 802.1X session. This is because the switch has temporarily assigned another VLAN
as untagged on the port to support the client access, as specified in the response from the RADIUS
server.
The switch appears to be properly configured as a supplicant, but cannot gain access to the intended
authenticator port on the switch to which it is connected
If aaa authentication port-access is configured for Local, ensure that you have entered
the local login (operator-level) username and password of the authenticator switch into the
identity and secret parameters of the supplicant configuration. If instead, you enter the enable
(manager-level) username and password, access will be denied.
The supplicant statistics listing shows multiple ports with the same authenticator MAC address
The link to the authenticator may have been moved from one port to another without the supplicant
statistics having been cleared from the first port.
The show port-access authenticator <port-list> command shows one or more
ports remain open after they have been configured with control unauthorized
802.1X is not active on the switch. After you execute aaa port-access authenticator
active, all ports configured with control unauthorized should be listed as Closed.
Figure 197 Authenticator ports remain "open" until activated
Unusual network activity 375