Title: How do I check if 802.1x authentication fails? [Print this page] Author: GTAC-Sophia Time: 2023-7-25 11:44 Title: How do I check if 802.1x authentication fails? 1.On the AC, run "show version" and "show version all" to check whether the AC and AP firmware versions are stable. If not, upgrade them first. If yes, go to the next step.
Ruijie#show version
Ruijie#show version all
2.ping [server IP] on the AC. If not, check whether the route configuration is correct. If the AC and server are reachable or the authentication fails, go to the next step. Note: If ip radius source-interface loopback 0 is configured by the AC, it needs to add a source for the ping test. For an example, ping x.x.x.x sour xxxx. The source radius address must be adjusted based on the actual situation. Generally, it is the interface address corresponding to the default route
3."show run" on the AC and log in to the server to check whether the radius key and snmp community are consistent.
Ruijie#show run
radius-server host [Server ip address] key ruijie
snmp-server community ruijie Note: If the authentication fails despite the correct key configuration, go to the next step. 4. Check whether the network configuration on the terminal computer is correct.
5.Check whether compatibility components are enabled on the server (for SU and SA clients).
Log in to SAM, SMP and ESS to check whether compatibility components are enabled.
6.Check whether the terminal and server are routable (for SU and SA clients).
ping [server IP] source [gateway IP] on the wireless user gateway to check whether the ping server can be successfully pinged. If not, check the route. If the gateway can ping through the server, go to the next step.
7.Verify that the server supports wireless 802.1xauthentication
The information needs to be collected on the AC
1)Information Collection:
showversion ---->indicates the AC version
showversion all ---> AP version information
showrunning --->indicates AC configuration information
showap-config run ---> indicates AP configuration information
showradius auth statistics --->indicates radius authentication statistics
showradius acct statistics --->indicates radius accounting statistics
showdot1x --->802.1x configuration
showdot1x summary --->indicates the 802.1x user information
2) Enable debug on ac, trigger authentication and synchronize packet capture on client and server:
debug aaa event --->debugs aaa events
debug dot1x event --->indicates the debugging of dot1x events
debug dot1x packet --->debug dot1x packet exchange information
3) Operating system of wireless terminal: such as window xp, window 7, Android, blackberry, iphone, etc.
4) 802.1x clients used by wireless terminals, such as SU client, SA client, and windows native client.
Welcome to Ruijie Community (https://community.ruijienetworks.com/)
