Qos-related problems, Radius-related problems – HP 2910AL User Manual
Page 505
Troubleshooting
Unusual Network Activity
Also, ensure that the switch port used to access the RADIUS server is not
blocked by an 802.1X configuration on that port. For example,
show port-
access authenticator < port-list > gives you the status for the specified ports.
Also, ensure that other factors, such as port security or any 802.1X configura
tion on the RADIUS server are not blocking the link.
The authorized MAC address on a port that is configured for both
802.1X and port security either changes or is re-acquired after
execution of
aaa port-access authenticator < port-list > initialize. If the port is
force-authorized with
aaa port-access authenticator
command and port security is enabled on the port, then executing
initialize
causes the port to clear the learned address and learn a new address from the
first packet it receives after you execute
initialize.
A trunked port configured for 802.1X is blocked.
If you are using
RADIUS authentication and the RADIUS server specifies a VLAN for the port,
the switch allows authentication, but blocks the port. To eliminate this
problem, either remove the port from the trunk or reconfigure the RADIUS
server to avoid specifying a VLAN.
QoS-Related Problems
Loss of communication when using VLAN-tagged traffic.
If you cannot
communicate with a device in a tagged VLAN environment, ensure that the
device either supports VLAN tagged traffic or is connected to a VLAN port that
is configured as
Untagged
.
Radius-Related Problems
The switch does not receive a response to RADIUS authentication
requests.
In this case, the switch will attempt authentication using the
secondary method configured for the type of access you are using (console,
Telnet, or SSH).
There can be several reasons for not receiving a response to an authentication
request. Do the following:
■
Use
ping to ensure that the switch has access to the configured RADIUS
server.
■
Verify that the switch is using the correct encryption key for the desig
nated server.
■
Verify that the switch has the correct IP address for the RADIUS server.
C-17