3. Troubleshooting Functional Failures in Operation

Table 3-54: Checking MAC Authentication Configuration

No.

Check Point

Troubleshooting Steps

 

 

 

1

Setting of MAC authentication configuration

Confirm that the settings by the following configuration commands are

 

 

correct:

 

 

aaa accounting mac-authentication default

 

 

start-stop group radius

 

 

aaa authentication mac-authentication default

 

 

group radius

 

 

mac-authentication password

 

 

mac-authentication port

 

 

mac-authentication radius-server host

 

 

mac-authentication static-vlan max-user

 

 

mac-authentication system-auth-control

5

Access filter setting for authentication

When using IP8800/S3600 or IP8800/S2400 model in static VLAN

 

 

mode, confirm that the filter condition permits pre-authenticated

 

 

terminals to send packets out of the system is set by the configuration

 

 

command authentication ip access-group or ip

 

 

access-list extended.

For the configuration relating to the MAC authentication accounting, check the following.

Table 3-55: MAC Authentication Failure Analysis Method

No.

Check Point

 

Troubleshooting Steps

 

 

 

 

1

Check to see if account has been recorded in the

When authentication status is not displayed by the show

 

authentication result.

 

mac-authentication login command, see "Table

 

 

 

3-53: Failure Analysis Method for MAC Authentication."

 

 

If authentication status is not recorded in the accounting server, go to

 

 

 

No.2.

 

 

If authentication status is not recorded in the syslog server, go to

 

 

 

No.3.

 

 

 

 

2

Check to see communication status with accounting

When "TxTotal" of [Account frames] indicates 0, confirm the setting

 

server by the show mac-authentication

 

by configuration command aaa accounting

 

statistics command.

 

mac-authentication default start-stop group

 

 

 

radius, radius-server host, or

 

 

 

mac-authentication radius-server host is correct.

 

 

Otherwise, check the configurations for MAC authentication.

3

Check to see the settings of syslog server.

Confirm the settings by the following commands are correct.

 

 

Confirm syslog server is configured by the logging host

 

 

 

command

 

 

Confirm "aut" is set as an event kind by the logging

 

 

 

event-kind command.

 

 

Confirm the setting by the mac-authentication logging

 

 

 

enable command is done.

3.12.4Communication Failure on Using Authentication VLAN [OP-VAA]

For failures that occurred when using the authentication VLAN, isolate the cause according to the table below.

99

Page 161
Image 161
NEC IP8800/S3600 Communication Failure on Using Authentication Vlan OP-VAA, Checking MAC Authentication Configuration

IP8800/S6700, IP8800/S3600, IP8800/S6600, IP8800/S6300, IP8800/S2400 specifications

The NEC IP8800 series comprises a range of advanced networking solutions designed for various applications ranging from enterprise networking to service provider environments. This series includes models such as the IP8800/S2400, IP8800/S3600, IP8800/S6300, IP8800/S6600, and IP8800/S6700, each with its unique set of features and capabilities aimed at delivering robust performance, security, and scalability.

The IP8800/S2400 is an entry-level switch tailored for small to medium enterprises. It features a compact design and high port density, making it ideal for network edge applications. The model supports both Layer 2 and Layer 3 switching capabilities, enabling efficient traffic management. With its robust security features, including access control lists and support for VLANs, the IP8800/S2400 ensures secure connectivity.

Moving to the IP8800/S3600, this switch is designed for data center environments and offers high throughput with advanced routing capabilities. It is equipped with high-capacity 10G and 40G Ethernet ports, facilitating faster data transfer rates. The S3600 supports various protocols such as MPLS and Segment Routing, enhancing its ability to manage complex network architectures. Its energy-efficient design also helps reduce operational costs.

The IP8800/S6300 is tailored for high-performance networking scenarios, featuring a flexible architecture that supports both traditional and cloud-based services. With extensive QoS capabilities, the S6300 optimizes traffic flow and manages bandwidth efficiently, ensuring high-quality service delivery. Its virtualization support allows for easier integration into modern, software-defined networking environments.

The IP8800/S6600 provides a comprehensive solution for service providers and large enterprises, boasting high scalability and modularity. This model supports advanced features such as network slicing and the ability to handle high-density 100G interfaces. Its robust management tools, including centralized control and automation capabilities, simplify network operations significantly.

Finally, the IP8800/S6700 represents the pinnacle of the series, designed for mission-critical applications requiring the utmost reliability and performance. It supports advanced analytics, AI-driven insights, and comprehensive telemetry, enabling proactive network management. With high availability features and extensive redundancy options, the S6700 ensures continuous operation, making it ideal for core network functions.

In summary, the NEC IP8800 series offers a versatile range of switches that combine advanced technologies, high performance, and robust security features, catering to various networking needs across different industries. Each model is designed to provide not only superior connectivity but also the flexibility and scalability required in today’s fast-paced digital landscape.