Filter
Top Products
3. Troubleshooting Functional Failures in Operation
100
Table 3-56: Authentication VLAN Failure Analysis Method
No. Troubleshooting Steps and Command Action
1 Execute the show logging command and check
to see if hardware failures are recorded in the
operation log.
• If hardware failures are recorded in the operation log, replace the
system.
• Otherwise, go to No. 2.
2 Execute the show fense server command and
confirm that the system runs normally.
• If error message "Connection failed to VAA program." is displayed,
go to No. 8.
• Otherwise, go to No. 3.
3 Execute the show fense server command and
check the operation status of the authentication
VLAN.
• If VAA NAME is not set ("-" displayed), the fense vaa-name
configuration is not set. Set the fense vaa-name configuration.
• If "disable" is displayed in Status for each <vaa_id>, the
authentication VLAN has stopped. Check the configuration.
• Otherwise, go to No. 4.
4 Execute the show fense server command and
check the status of connection with the
authentication server.
• If "Server Address" indication for each <vaa_id> is different from
the IP address of the authentication server or "Port" indication is
different from the TCP port number of the authentication server,
communication with the authentication server is disabled. Check the
configuration.
• If other than CONNECTED is displayed in "Agent Status" for each
<vaa_id>, connection with the authentication server is disconnected.
Check the authentication server status and settings.
• Otherwise, go to No. 5.
5 Specify "detail" parameter by the show fense
server command, and check the setting status of
the fense vlan configuration.
• If VLAN ID for each <vaa_id> is not displayed or the display
contents are incorrect, VLAN to be switched over after terminal
authentication is not provided. Check the configuration.
• Otherwise, go to No. 6.
6 Execute the show fense statistics
command a few times and check the status of
connection with the authentication server.
• If "Connect Failure Count" and "Timeout Disconnect Count" for
each <vaa_id> are incremented, connection with the authentication
server is unstable. Check the status of network to the authentication
server.
• If the status of network is normal, check that value "alive-time" set
by the configuration command fense alive-timer and the
value of parameters set for the authentication server ("HCinterval"
and "RecvMsgTimeout") are as follows:
alive-time >= HCinterval + 5
RecvMsgTimeout >= HCinterval + 5
• If communication with the authentication server is connected and
disconnected repeatedly, use the restart vaa command to restart
the authentication VLAN, VLANaccessController at the
authentication server, and each function of the authentication VLAN.
• Otherwise, go to No. 7.
7 Execute the show fense statistics
command and confirm that exchange with the MAC
VLAN function is performed.
• If each Request count of "VLANaccessAgent Recv Message"
displayed for each <vaa_id> does not match each Request count of
"Terget-VLAN Registration," internal conflict has occurred. Restart
the authentication VLAN using the restart vaa command.
• Otherwise, go to No. 8.