3. Troubleshooting Functional Failures in Operation
99
Table 3-54: Checking MAC Authentication Configuration
For the configuration relating to the MAC authentication accounting, check the following.
Table 3-55: MAC Authentication Failure Analysis Method
3.12.4 Communication Failure on Using Authentication VLAN [OP-VAA]
For failures that occurred when using the authentication VLAN, isolate the cause according to the table below.
No. Check Point Troubleshooting Steps
1 Setting of MAC authentication configuration Confirm that the settings by the following configuration commands are
correct:
• aaa accounting mac-authentication default
start-stop group radius
• aaa authentication mac-authentication default
group radius
• mac-authentication password
• mac-authentication port
• mac-authentication radius-server host
• mac-authentication static-vlan max-user
• mac-authentication system-auth-control
5 Access filter setting for authentication When using IP8800/S3600 or IP8800/S2400 model in static VLAN
mode, confirm that the filter condition permits pre-authenticated
terminals to send packets out of the system is set by the configuration
command authentication ip access-group or ip
access-list extended.
No. Check Point Troubleshooting Steps
1 Check to see if account has been recorded in the
authentication result.
• When authentication status is not displayed by the show
mac-authentication login command, see "Table
3-53: Failure Analysis Method for MAC Authentication."
• If authentication status is not recorded in the accounting server, go to
No.2.
• If authentication status is not recorded in the syslog server, go to
No.3.
2 Check to see communication status with accounting
server by the show mac-authentication
statistics command.
• When "TxTotal" of [Account frames] indicates 0, confirm the setting
by configuration command aaa accounting
mac-authentication default start-stop group
radius, radius-server host, or
mac-authentication radius-server host is correct.
• Otherwise, check the configurations for MAC authentication.
3 Check to see the settings of syslog server. Confirm the settings by the following commands are correct.
• Confirm syslog server is configured by the logging host
command
• Confirm "aut" is set as an event kind by the logging
event-kind command.
• Confirm the setting by the mac-authentication logging
enable command is done.