Filter
Top Products
3. Troubleshooting Functional Failures in Operation
97
3.12.3 Communication Failure on Using MAC Authentication
For MAC authentication failure, isolate the problem according to the failure analysis method described in "Table
3-53: Failure Analysis Method for MAC Authentication."
For confirming Web authentication configuration and accounting information, isolate the problem according to the
failure analysis method described in "Table 3-54: Checking MAC Authentication Configuration" and "Table
3-55: MAC Authentication Failure Analysis Method."
Table 3-53: Failure Analysis Method for MAC Authentication
No. Troubleshooting Steps and Command Action
1 Check to see if the terminal can communicate.
• If authentication in Local authentication method failed, go to No. 2.
• If authentication in RADIUS authentication method failed, go to
No.3.
• Otherwise, go to No.5.
2 Check to see if MAC address and VLAN ID are
registered by the show mac-authentication
mac-address command.
• If MAC address is not registered yet, set MAC address and VLAN
ID by the set mac-authentication mac-address
command.
• Otherwise, go to No. 5.
3 Check to see the status of communication with
RADIUS server by the show
mac-authentication statistics
command.
• When "TxTotal" of [Account frames] indicates 0, confirm all of the
settings by configuration commands (aaa accounting
web-authentication default start-stop group
radius, radius-server host, and
mac-authentication radius-server host) are correct.
• For IP8800/S3600 and IP8800/S2400 models, even though the dead
interval lets RADIUS server get recovered from no-response state
and become able to communicate, the system is not able to collate
with the RADIUS server during a period of time specified by
configuration command authentication radius-server
dead-interval. As a result, an authentication error occurs.
In this case, if the period of time is too long for the system to wait for
an authentication error response, change the set value of
configuration command authentication radius-server
dead-interval or execute the clear
web-authentication dead-interval-timer command.
Authentication action against the first RADIUS will be taken again.
• Otherwise, go to No. 4.
4 Check to see if MAC address and password are
registered in RADIUS server.
• If MAC address has not been registered as a User ID for RADIUS
Server yet, register it.
• If you use MAC address as a password, set the same value as in MAC
address.
• Once you registered common values to the RADIUS servers as a
password, check to see if the password is the same as one registered
by the configuration command mac-authentication
password.
• Otherwise, go to No.5.