NEC IP8800/S2400 User Manual
3.
Troubleshooting Functional Failures in Operation
99
Table 3-54: Checking MAC Authentication Configuration
For the configuration relating to the MAC authentication accounting, check the following.
Table 3-55: MAC Authentication Failure Analysis Method
3.12.4
Communication Failure on Using Authentication VLAN [OP-VAA]
For failures that occurred when using the authentication VLAN, isolate the cause according to the table below.
No.
Check Point
Troubleshooting Steps
1
Setting of MAC authentication configuration
Confirm that the settings by the following configuration commands are
correct:
• aaa accounting mac-authentication default
correct:
• aaa accounting mac-authentication default
start-stop group radius
• aaa authentication mac-authentication default
group radius
• mac-authentication password
• mac-authentication port
• mac-authentication radius-server host
• mac-authentication static-vlan max-user
• mac-authentication system-auth-control
• mac-authentication port
• mac-authentication radius-server host
• mac-authentication static-vlan max-user
• mac-authentication system-auth-control
5
Access filter setting for authentication
When using IP8800/S3600 or IP8800/S2400 model in static VLAN
mode, confirm that the filter condition permits pre-authenticated
terminals to send packets out of the system is set by the configuration
command authentication ip access-group or ip
access-list extended.
mode, confirm that the filter condition permits pre-authenticated
terminals to send packets out of the system is set by the configuration
command authentication ip access-group or ip
access-list extended.
No.
Check Point
Troubleshooting Steps
1
Check to see if account has been recorded in the
authentication result.
authentication result.
• When authentication status is not displayed by the show
mac-authentication login command, see "
• If authentication status is not recorded in the accounting server, go to
No.2.
• If authentication status is not recorded in the syslog server, go to
No.3.
2
Check to see communication status with accounting
server by the show mac-authentication
statistics command.
server by the show mac-authentication
statistics command.
• When "TxTotal" of [Account frames] indicates 0, confirm the setting
by configuration command aaa accounting
mac-authentication default start-stop group
radius, radius-server host, or
mac-authentication radius-server host is correct.
mac-authentication default start-stop group
radius, radius-server host, or
mac-authentication radius-server host is correct.
• Otherwise, check the configurations for MAC authentication.
3
Check to see the settings of syslog server.
Confirm the settings by the following commands are correct.
• Confirm syslog server is configured by the logging host
• Confirm syslog server is configured by the logging host
command
• Confirm "aut" is set as an event kind by the logging
event-kind command.
• Confirm the setting by the mac-authentication logging
enable command is done.