When I'm deploying 802.1x authentication but it fails

hello, guys
When I'm deploying 802.1x authentication but it fails,
what can I check ?

1. Possible Cause

(1) The AC and AP versions are inconsistent.

(2) The route can not be pinged.

(3) The keys of the AC and the server are incorrect.

(4) The terminal settings are incorrect.

(5) The compatibility component is not enabled on the server.

(6) The route between the terminal and theserver can not be pinged.

(7) The server does not support 802.1x authentication for the wireless network.

2. Troubleshooting Process

Step 1: Check whether the ACand AP versions are consistent

Run the show version and show version all commands on the AC to check whether the AC and AP versions are consistent. In 802.1x authentication mode, the version 10.4(1T10) a later version is recommended. If the version is correct, go to Step 2.

Step 2: Check whether the route between the AC and the server is reachable.

Ping the server (server IP address) on the AC. If the route can not be pinged, check whether the route is correct. It the route is reachable but the authentication still fails, go to Step 3.

Note: If ip radius source-interface loopback 0 is configured for the AC, add the source IP address during the ping test, for example, ping x.x.x.x sour xxxx.

Step 3: Check whether the keys of the AC and the server are correct.

Run the show run command on the AC and log on to the server to check whether the RADIUS key and the SNMP community are consistent.

View method on the AC:

radius-server host [server IP address] key ruijie

snmp-server community ruijie

View method on the server:

                              

If the keys are correct but the authentication still fails, go to Step 4.

Step 4: Check the terminalsettings

Errors caused by terminal settings often occur at the native WindowsDot1x clients.

If the terminal settings are correct but the authentication still fails, go to Step 5.

Step 5: Check whether the compatibility component is enabled for the server (applicable for the SU and SAclients)

Log on to SAM, SMP, and ESS to check whetherthe compatibility component is enabled.

If the component is enabled but the authentication still fails, go to Step 6.

Step 6: Check whether the route between the terminal and the server is reachable (applicable for the SU and SAclients)

Run the ping[server IP address] source [gateway IP address] command on the gateway ofthe wireless network to check whether the wireless network can be pinged. If not, check route. If the gateway can ping the server, go to Step 7.

Step 7: Check whether the server supports the wireless 802.1x authentication

The wireless 802.1x authentication software supported by Ruijie products are SMP 2.54, SAM3.5, and SU 4.63. Other authenticated products are Windows 2003 and Cisco ACS.

If the server supports the authentication method, go to Step 8.

Step 8: Collect relevant information and contact our online support

Collect the following information and call our online support for technical support.

n  Information to becollected:

(1) Collect the following information on the AC:

(2) Enable the debug function on the AC, and trigger authentication on the client and the server and capture packets simultaneously.

(3) Operating systems of the wireless terminal, for example, Windows XP,Windows 7, Android, Blackberry, and iOS.

(4) Clients supporting the wireless 802.1x authentication, for example, SU, SA and native Windows clients