3. Troubleshooting Functional Failures in Operation

3.12 Layer 2 Authentication Communication Failure

3.12.1Communication Failure on Using IEEE 802.1X

If authentication is disabled when using IEEE 802.1X, isolate the problem by following failure analysis methods shown in the table below.

Table 3-48: IEEE 802.1X Failure Analysis Method

No.

Troubleshooting Steps and Command

 

Action

 

 

 

1

Execute the show dot1x command and

If "Dot1x doesn't seem to be running" is displayed, IEEE802.1X has stopped.

 

check the operation status of the

Check to see if the dot1x system-auth-controlcommand is set in the

 

IEEE802.1X.

configuration.

 

 

Go to No. 2 if "System 802.1X: Enable" is displayed.

 

 

 

2

Execute the show dot1x statistics

If RxTotal of [EAPOL frames] is 0, the terminal does not send EAPOL. If

 

command and confirm that EAPOL is

RxInvalid or RxLenErr is not 0, illegal EAPOL has been received from the

 

exchanged.

terminal. When illegal EAPOL is received, log is recorded. The log can be

 

 

browsed using show dotlx logging command. The log shows the "Invalid

 

 

EAPOL frame received" message and the contents of illegal EAPOL. Check the

 

 

Supplicant setting on the terminal.

 

 

Otherwise, go to No. 3.

 

 

 

3

Execute the show dot1x statistics

If "TxTotal" of [EAP overRADIUS frames] is set to 0, it indicates that no data is

 

command and confirm that data is sent to the

sent to the RADIUS server. Confirm the following:

 

RADIUS server.

Check to see if aaa authentication dot1x default group

 

 

 

radius is set by the configuration command.

 

 

Check to see if the configuration command radius-server host is set

 

 

 

correctly.

 

 

If the authentication mode is port authentication or VLAN authentication

 

 

 

(static), confirm that the authentication terminal is not registered by the

 

 

 

configuration command mac-address-table static. If the

 

 

 

authentication mode is VLAN authentication (dynamic), confirm that the

 

 

 

authentication terminal is not registered by the configuration command

 

 

 

mac-address.

 

 

If the authentication mode is VLAN authentication (dynamic), check to see if

 

 

 

aaa authorization network default group radius is set by

 

 

 

the configuration command.

 

 

Otherwise, go to No. 4.

 

 

 

4

Execute the show dot1x statistics

If "RxTotal" of [EAP overRADIUS frames] is set to 0, packets are not received

 

command and confirm that data is received

from the RADIUS server. Confirm the following:

 

from the RADIUS server.

If the RADIUS server is accommodated in the remote network, confirm that the

 

 

 

route to the remote network exists.

 

 

Confirm that the port of the RADIUS server is excluded from authentication.

 

 

Otherwise, go to No. 5.

 

 

 

5

Execute the show dot1x logging

If "Invalid EAP over RADIUS frames received" is output, illegal packets are

 

command and check exchange with the

 

received from the RADIUS server. Check to see if the RADIUS server is

 

RADIUS server.

 

normally operating.

 

 

If "Failed to connect to RADIUS server" is output, connection to the RADIUS

 

 

 

server failed. Check to see if the RADIUS server is normally operating.

 

 

Otherwise, go to No. 6.

 

 

 

 

89

Page 150 Page 152
Page 151
Image 151
NEC IP8800/S3600, IP8800/S6600 manual Layer 2 Authentication Communication Failure, Communication Failure on Using Ieee
Page 150 Page 152

IP8800/S6700, IP8800/S3600, IP8800/S6600, IP8800/S6300, IP8800/S2400 specifications

The NEC IP8800 series comprises a range of advanced networking solutions designed for various applications ranging from enterprise networking to service provider environments. This series includes models such as the IP8800/S2400, IP8800/S3600, IP8800/S6300, IP8800/S6600, and IP8800/S6700, each with its unique set of features and capabilities aimed at delivering robust performance, security, and scalability.

The IP8800/S2400 is an entry-level switch tailored for small to medium enterprises. It features a compact design and high port density, making it ideal for network edge applications. The model supports both Layer 2 and Layer 3 switching capabilities, enabling efficient traffic management. With its robust security features, including access control lists and support for VLANs, the IP8800/S2400 ensures secure connectivity.

Moving to the IP8800/S3600, this switch is designed for data center environments and offers high throughput with advanced routing capabilities. It is equipped with high-capacity 10G and 40G Ethernet ports, facilitating faster data transfer rates. The S3600 supports various protocols such as MPLS and Segment Routing, enhancing its ability to manage complex network architectures. Its energy-efficient design also helps reduce operational costs.

The IP8800/S6300 is tailored for high-performance networking scenarios, featuring a flexible architecture that supports both traditional and cloud-based services. With extensive QoS capabilities, the S6300 optimizes traffic flow and manages bandwidth efficiently, ensuring high-quality service delivery. Its virtualization support allows for easier integration into modern, software-defined networking environments.

The IP8800/S6600 provides a comprehensive solution for service providers and large enterprises, boasting high scalability and modularity. This model supports advanced features such as network slicing and the ability to handle high-density 100G interfaces. Its robust management tools, including centralized control and automation capabilities, simplify network operations significantly.

Finally, the IP8800/S6700 represents the pinnacle of the series, designed for mission-critical applications requiring the utmost reliability and performance. It supports advanced analytics, AI-driven insights, and comprehensive telemetry, enabling proactive network management. With high availability features and extensive redundancy options, the S6700 ensures continuous operation, making it ideal for core network functions.

In summary, the NEC IP8800 series offers a versatile range of switches that combine advanced technologies, high performance, and robust security features, catering to various networking needs across different industries. Each model is designed to provide not only superior connectivity but also the flexibility and scalability required in today’s fast-paced digital landscape.
Top Page Image Contents