Ruijie Community
Title: When I'm deploying 802.1x authentication but it fails [Print this page]
Author: Levy Time: 2018-4-4 11:10
Title: When I'm deploying 802.1x authentication but it fails
hello, guys
When I'm deploying 802.1x authentication but it fails,
what can I check ?
Author: admin Time: 2018-4-4 11:18
1. Possible Cause(1) The AC and AP versions are inconsistent.
(2) The route can not be pinged.
(3) The keys of the AC and the server are incorrect.
(4) The terminal settings are incorrect.
(5) The compatibility component is not enabled on the server.
(6) The route between the terminal and theserver can not be pinged.
(7) The server does not support 802.1x authentication for the wireless network.
2. Troubleshooting ProcessStep 1: Check whether the ACand AP versions are consistent
Run the show version and show version all commands on the AC to check whether the AC and AP versions are consistent. In 802.1x authentication mode, the version 10.4(1T10) a later version is recommended. If the version is correct, go to Step 2.
Step 2: Check whether the route between the AC and the server is reachable.
Ping the server (server IP address) on the AC. If the route can not be pinged, check whether the route is correct. It the route is reachable but the authentication still fails, go to Step 3.
Note: If ip radius source-interface loopback 0 is configured for the AC, add the source IP address during the ping test, for example, ping x.x.x.x sour xxxx.
Step 3: Check whether the keys of the AC and the server are correct.
Run the show run command on the AC and log on to the server to check whether the RADIUS key and the SNMP community are consistent.
View method on the AC:
radius-server host [server IP address] key ruijie
snmp-server community ruijie
View method on the server:
If the keys are correct but the authentication still fails, go to Step 4.
Step 4: Check the terminalsettings
Errors caused by terminal settings often occur at the native WindowsDot1x clients.
If the terminal settings are correct but the authentication still fails, go to Step 5.
Step 5: Check whether the compatibility component is enabled for the server (applicable for the SU and SAclients)
Log on to SAM, SMP, and ESS to check whetherthe compatibility component is enabled.
If the component is enabled but the authentication still fails, go to Step 6.
Step 6: Check whether the route between the terminal and the server is reachable (applicable for the SU and SAclients)
Run the ping[server IP address] source [gateway IP address] command on the gateway ofthe wireless network to check whether the wireless network can be pinged. If not, check route. If the gateway can ping the server, go to Step 7.
Step 7: Check whether the server supports the wireless 802.1x authentication
The wireless 802.1x authentication software supported by Ruijie products are SMP 2.54, SAM3.5, and SU 4.63. Other authenticated products are Windows 2003 and Cisco ACS.
If the server supports the authentication method, go to Step 8.
Step 8: Collect relevant information and contact our online support
Collect the following information and call our online support for technical support.
n Information to becollected:
(1) Collect the following information on the AC:
(2) Enable the debug function on the AC, and trigger authentication on the client and the server and capture packets simultaneously.
(3) Operating systems of the wireless terminal, for example, Windows XP,Windows 7, Android, Blackberry, and iOS.
(4) Clients supporting the wireless 802.1x authentication, for example, SU, SA and native Windows clients
Welcome to Ruijie Community (https://community.ruijienetworks.com/) |
Powered by Discuz! X3.2 |