Specifications
248
DCS-3950 series Ethernet switch manual
authentication state machine information;all represents all the state machine information;
<InterfaceName> is the name of interface.
Usage Guide: None.
Example: Enable debugging for dot1x state machines.
Switch#debug dot1x fsm asm interface 0/0/1
14.4.2 802.1x Troubleshooting
It is possible that 802.1x be congfigured on ports and 802.1x authentication be setted
to auto,but switch cann’t be to authenticated state after the user runs 802.1x supplicant
software. Here are some possible causes and solutions:
z If 802.1x cannot be enabled for a port, make sure the port is not executing Spanning
tree, or MAC binding, or configured as a Trunk port or for port aggregation. To enable
the 802.1x authentication, the above functions must be disabled.
z If the switch is configured properly but still cannot pass through authentication,
connectivity between the switch and RADIUS server, the switch and 802.1x client
should be verified, and the port and VLAN configuration for the switch should be
checked, too.
z Check the event log in the RADIUS server for possible causes. In the event log, not
only unsuccessful logins are recorded, but prompts for the causes of unsuccessful
login. If the event log indicates wrong authenticator password, radius-server key
parameter shall be modified; if the event log indicates no such authenticator, the
authenticator needs to be added to the RADIUS server; if the event log indicates no
such login user, the user login ID and password may be wrong and should be verified
and input again.
z If the access mode of a port is userbased advanced and static user is configured on
RADIUS server but is not issued to the switch, first check whether the RADIUS server
is configured correctly using the command’ip user helper addres’, and then check
whether the RADIUS server configured static user on the port, last check the issueing
of static user using the command’ show dot1x interface’