Unable To Enable Lacp On A Port With The Interface Lacp Command; Port-Based Access Control (802.1X)-Related Problems; The Switch Does Not Receive A Response To Radius Authentication Requests; The Switch Does Not Authenticate A Client Even Though The Radius Server Is Properly Configured And Providing A Response To The Authentication Request - HP Aruba JL253A Management And Configuration Manual
For arubaos-switch 16.08
Table of Contents
Unable to enable LACP on a port with the interface lacp
command
In this case, the switch displays the following message:
Operation is not allowed for a trunked port.
You cannot enable LACP on a port while it is configured as a static Trunk port. To enable LACP on a static-
trunked port:
Procedure
1. Use the no trunk command to disable the static trunk assignment.
2. Execute interface lacp .
CAUTION: Removing a port from a trunk without first disabling the port can create a traffic loop that
can slow down or halt your network. Before removing a port from a trunk, Hewlett Packard Enterprise
recommends that you either disable the port or disconnect it from the LAN.
Port-based access control (802.1X)-related problems
NOTE:
To list the 802.1X port-access Event Log messages stored on the switch, use show log 802.
See also Radius-related problems on page 467.
The switch does not receive a response to RADIUS authentication requests
In this case, the switch attempts authentication using the secondary method configured for the type of access you
are using (console, Telnet, or SSH).
There can be several reasons for not receiving a response to an authentication request. Do the following:
•
Use ping to ensure that the switch has access to the configured RADIUS servers.
•
Verify that the switch is using the correct encryption key (RADIUS secret key) for each server.
•
Verify that the switch has the correct IP address for each RADIUS server.
•
Ensure that the radius-server timeout period is long enough for network conditions.
The switch does not authenticate a client even though the RADIUS server is properly
configured and providing a response to the authentication request
If the RADIUS server configuration for authenticating the client includes a VLAN assignment, ensure that the
VLAN exists as a static VLAN on the switch. See "How 802.1X Authentication Affects VLAN Operation" in the
access security guide for your switch.
During RADIUS-authenticated client sessions, access to a VLAN on the port used for
the client sessions is lost
If the affected VLAN is configured as untagged on the port, it may be temporarily blocked on that port during an
802.1X session. This is because the switch has temporarily assigned another VLAN as untagged on the port to
support the client access, as specified in the response from the RADIUS server. See "How 802.1X Authentication
Affects VLAN Operation" in the access security guide for your switch.
Chapter 13 Troubleshooting
465
Table of Contents
Troubleshooting
