Filter
Top Products
C-13
Troubleshooting
Unusual Network Activity
a server-specific key. If the switch already has a server-specific key assigned
to the server’s IP address, then it overrides the global key and must match the
server key.
Figure C-3. Example of How To List the Global and Server-Specific Radius
Encryption Keys
Also, ensure that the switch port used to access the RADIUS server is not
blocked by an 802.1X configuration on that port. For example, show port-
access authenticator < port-list > gives you the status for the specified ports.
Also, ensure that other factors, such as port security or any 802.1X configura-
tion on the RADIUS server are not blocking the link.
The authorized MAC address on a port that is configured for both
802.1X and port security either changes or is re-acquired after
execution of aaa port-access authenticator < port-list > initialize. If the port is
force-authorized with aaa port-access authenticator <port-list> control authorized
command and port security is enabled on the port, then executing initialize
causes the port to clear the learned address and learn a new address from the
first packet it receives after you execute initialize.
A trunked port configured for 802.1X is blocked. If you are using
RADIUS authentication and the RADIUS server specifies a VLAN for the port,
the switch allows authentication, but blocks the port. To eliminate this prob-
lem, either remove the port from the trunk or reconfigure the RADIUS server
to avoid specifying a VLAN.
Global RADIUS Encryption Key
Unique RADIUS Encryption Key for
the RADIUS server at 10.33.18.119