Filter
Top Products
3. Troubleshooting Functional Failures in Operation
93
4 Check to see authentication Ipv4 access list
• For IP8800/S6700, IP8800/S6600, and IP8800/S6300 models, go to
No.9.
• If a terminal before authentication sends packets out of the system,
confirm that authentication IPv4 access list is applied.
If access list and authentication IPv4 access list both are applied to
the port for authentication, make sure the filter conditions described
in IPv4 access list are set in the access list as well.
• Confirm that filter condition for denying packets (such as deny ip) is
not set to the access list/authentication IPv4 access list applied to the
port for authentication.
• Confirm that the IP address dedicated for Web authentication is not
set in the filter condition of authentication IPv4 access list.
• Confirm that "any" is not specified as a destination address in the
filter conditions of authentication IPv4 access list.
• Otherwise, go to No.9.
5Use the show web-authentication user
command to check to see if user ID is registered.
• If not registered, use the set web-authentication user
command to register the user ID, password, and VLAN-ID.
• Otherwise, go to No. 6.
6 Check to see if the entered password is correct.
• If not correct, use the set web-authentication passwd
command to change the password, or use the remove
web-authentication user command to delete the user ID
once, then use the set web-authentication user
command to register the user ID, password, and VLAN-ID again.
• Otherwise, go to No. 9.
7Use the show web-authentication
statistics command to check the
communication status with the RADIUS server.
• If the value of "TxError" of "[RADIUS frames]" is "0", check to see
if aaa authentication web-authentication
default group radius and radius-server host in the
configuration command are set correctly.
• For IP8800/S3600 and IP8800/S2400 models, even though the dead
interval lets RADIUS server get recovered from no-response state
and become able to communicate, the system is not able to collate
with the RADIUS server during a period of time specified by the
configuration command authentication radius-server
dead-interval. As a result, authentication error occurs.
In this case, if the period of time is too long for the system to wait for
an authentication error response, change the set value of
configuration command authentication radius-server
dead-interval or execute the clear
web-authentication dead-interval-timer command.
Authentication action against the first RADIUS will be taken again.
•
Otherwise, go to No. 8.
8 Check to see if the user ID and password are
registered for the RADIUS server.
• If not registered, register the user ID and password for the RADIUS
server.
• Otherwise, go to No. 9.
9Use the show web-authentication
statistics command to check to see if Web
authentication statistical information is displayed.
• If not displayed, go to No. 8.
• Otherwise, go to No. 11.
10 Check to see if configuration command
web-authentication
system-auth-control is set.
• If not, set the configuration command web-authentication
system-auth-control.
• Otherwise, go to No. 11.
No. Troubleshooting Steps and Command Action