Troubleshooting

Unusual Network Activity

The supplicant statistics listing shows multiple ports with the same

authenticator MAC address. The link to the authenticator may have been moved from one port to another without the supplicant statistics having been cleared from the first port. Refer to “Note on Supplicant Statistics” in the chapter on Port-Based and User-Based Access Control in the Access Security Guide for your switch.

The show port-access authenticator < port-list> command shows one or more ports remain open after they have been configured with control unauthorized. 802.1X is not active on the switch. After you execute aaa port- access authenticator active, all ports configured with control unauthorized should be listed as Closed.

Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated.

Figure C-1. Authenticator Ports Remain “Open” Until ActivatedRADIUS server fails to respond to a request for service, even though

the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key. If the switch already has a server-specific key assigned to the server’s IP address, then it overrides the global key and must match the server key.

C-13