Manualshelf

Management and Configuration Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
371372373374375376377378379380
There can be several reasons for not receiving a response to an authentication request. Do the
following:
Use ping to ensure that the switch has access to the configured RADIUS server.
Verify that the switch is using the correct encryption key for the designated server.
Verify that the switch has the correct IP address for the RADIUS server.
Ensure that the radius-server timeout period is long enough for network conditions.
Verify that the switch is using the same UDP port number as the server.
NOTE: Because of an inconsistency between the Windows XP 802.1x supplicant timeout value
and the switch default timeout value, which is 5, when adding a backup RADIUS server, set the
switch radius-server timeout value to 4. Otherwise, the switch may not failover properly to the
backup RADIUS server.
RADIUS server fails to respond to a request for service, even though the server's IP address is
correctly configured in the switch
Use show radius to verify that the encryption key the switch is using is correct for the server
being contacted. If the switch has only a global key configured, it either must match the server key
or you must configure a server-specific key. If the switch already has a server-specific key assigned
to the server's IP address, it overrides the global key and must match the server key.
Figure 199 Examples of global and unique encryption keys
MSTP and fast-uplink problems
CAUTION: If you enable MSTP, HP recommends that you leave the remainder of the MSTP
parameter settings at their default values until you have had an opportunity to evaluate MSTP
performance in your network. Because incorrect MSTP settings can adversely affect network
performance, you should avoid making changes without having a strong understanding of how
MSTP operates. To learn the details of MSTP operation, see the IEEE802.1s standard.
Broadcast storms appearing in the network
This can occur when there are physical loops (redundant links) in the topology. Where this exists,
you should enable MSTP on all bridging devices in the topology to detect the loop.
STP blocks a link in a VLAN even though there are no redundant links in that VLAN
In 802.1Q-compliant switches, MSTP blocks redundant physical links even if they are in separate
VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices. Also, if
ports are available, you can improve the bandwidth in this situation by using a port trunk.
Unusual network activity 377