12 debug dot1x fsm, 2 802.1x troubleshooting – Amer Networks SS2R48G4i V2 User Manual

SS2R24G4i/SS2R48G4i

127

Command Mode

Admin Mode

Parameters pkt-send

represents the detail of sending packets; pkt-receive represen the details of

receiving packets; internal represents internal details; userbased represents the user-based
information; all represents all the detailed informations; is the name of interface.

14.4.1.12 debug dot1x fsm

Command debug dot1x fsm {asm|aksm|ratsm|basm|all} interface {[ethernet] }

no debug dot1x fsm {asm|aksm|ratsm|basm|all} interface {[ethernet] }

Function

Enable the limited state machine debug information of dot1x; the “no debug dot1x fsm

{asm|aksm|ratsm|basm|all} interface {[ethernet] } ” command is to disable the limited
state machine debug information of dot1x

Command Mode

Admin Mode

Parameters asm

represents the authenticator state machine information; aksm represents the

authenticator key transmission state machine state; ratsm represents reauthentication timer state
machine information; basm represents background authentication state machine information; all
represents all the state machine information; is the name of interface.

14.4.2 802.1x Troubleshooting

It is possible that 802.1x be congfigured on ports and 802.1x authentication be setted to auto，but

switch cann’t be to authenticated state after the user runs 802.1x supplicant software. Here are some
possible causes and solutions

z

If 802.1x cannot be enabled for a port, make sure the port is not executing Spanning tree, or MAC

binding, or configured as a Trunk port or for port aggregation. To enable the 802.1x authentication,

the above functions must be disabled.

z

If the switch is configured properly but still cannot pass through authentication, connectivity

between the switch and RADIUS server, the switch and 802.1x client should be verified, and the

port and VLAN configuration for the switch should be checked, too.

z

Check the event log in the RADIUS server for possible causes. In the event log, not only

unsuccessful logins are recorded, but prompts for the causes of unsuccessful login. If the event log

indicates wrong authenticator password, radius-server key parameter shall be modified; if the event

log indicates no such authenticator, the authenticator needs to be added to the RADIUS server; if

the event log indicates no such login user, the user login ID and password may be wrong and

should be verified and input again.

z

If the access mode of a port is userbased advanced and static user is configured on RADIUS server

but is not issued to the switch, first check whether the RADIUS server is configured correctly using

the command”ip user helper addres”, and then check whether the RADIUS server configured static

user on the port, last check the issueing of static user using the command” show dot1x interface”