ES4710BD 10 Slots L2/L3/L4 Chassis Switch
process and is helpful in troubleshooting. Example: Enabling AAA debugging information. Switch#debug aaa
20.4.1.7debug dot1x
Command: debug dot1x no debug dot1x
Function: Enables dot1x debugging information; the “ no debug dot1x” command disables the dot1x debugging information.
Command mode: Admin Mode
Parameters: N/A.
Usage Guide: Enabling dot1x debug information allows the check of dot1x protocol negotiation process and is helpful in troubleshooting.
Example: Enabling dot1x debugging information. Switch#debug dot1x
20.4.2802.1x Troubleshooting
It is possible that 802.1x cannot be configured on ports, or 802.1x authentication is set to auto but cannot switch to authenticated state after the user runs 802.1x supplicant software. Here are some possible causes and solutions:
&If 802.1x cannot be enabled for a port, make sure the port is not executing Spanning tree, or MAC binding, or configured as a Trunk port or for port aggregation. To enable the 802.1x authentication, the above functions must be disabled.
&If the switch is configured properly but still cannot pass through authentication, connectivity between the switch and RADIUS server, the switch and 802.1x client should be verified, and the port and VLAN configuration for the switch should be checked, too.
&Check the event log in the RADIUS server for possible causes. In the event log, not only unsuccessful logins are recorded, but prompts for the causes of unsuccessful login. If the event log indicates wrong authenticator password,
&Too frequent access to RADIUS data such as run “show aaa” commands may cause the user to be unable to pass through the authentication due to RADIUS data share violation. And the same reason may force users to go offline on
527
