Filter
Top Products
C-12
Troubleshooting
Unusual Network Activity
The switch appears to be properly configured as a supplicant, but
cannot gain access to the intended authenticator port on the switch
to which it is connected. If aaa authentication port-access is configured for
Local, ensure that you have entered the local login (operator-level) username
and password of the authenticator switch into the identity and secret parame-
ters of the supplicant configuration. If instead, you enter the enable (manager-
level) username and password, access will be denied.
The supplicant statistics listing shows multiple ports with the same
authenticator MAC address. The link to the authenticator may have been
moved from one port to another without the supplicant statistics having been
cleared from the first port. Refer to the “Note on Supplicant Statistics” in the
Access Security Guide for your switch.
The show port-access authenticator < port-list > command shows one or more
ports remain open after they have been configured with control
unauthorized. 802.1X is not active on the switch. After you execute aaa port-
access authenticator active, all ports configured with control unauthorized
should be listed as Closed.
Figure C-2. Example of a Port Remaining Open After Being Configured with “Control Unauthorized”
RADIUS server fails to respond to a request for service, even though
the server’s IP address is correctly configured in the switch. Use
show radius to verify that the encryption key (RADIUS secret key) the switch
is using is correct for the server being contacted. If the switch has only a global
key configured, then it either must match the server key or you must configure
Port A9 shows an “Open” status even
though Access Control is set to
Unauthorized (Force Auth). This is
because the port-access
authenticator has not yet been
activated.