
Ethernet Routing Switch 2500 Series

Troubleshooting
Release: 4.1 Document Revision: 01.01

www.nortel.com

NN47215-700
324605-A

Ethernet Routing Switch 2500 Series Release: 4.1 Publication: NN47215-700 Document status: Standard Document release date: 06 May 2008 Copyright © 2008 Nortel Networks All Rights Reserved. Sourced in Canada The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. This document is protected by copyright laws and international treaties. All information, copyrights and any other intellectual property rights contained in this document are the property of Nortel Networks. Except as expressly authorized in writing by Nortel Networks, the holder is granted no rights to use the information contained herein and this document shall not be published, copied, produced or reproduced, modified, translated, compiled, distributed, displayed or transmitted, in whole or part, in any form or media. Sourced in Canada, the United States of America, and India. *Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners.

ATTENTION: Before troubleshooting the Ethernet Routing Switch 2500 Series, ensure you read the legal statements in the first chapter of this guide.

Contents

Legal information
    Restricted rights legend
    Statement of conditions
    Nortel Networks software license agreement

New in this release
    Stacking
    Stacking licensing
    Stacking functionality and rear ports
    Stack Licensing – rear port mode
    Power over Ethernet (POE) limitations

Introduction

Troubleshooting planning

Troubleshooting tools
    Port Mirroring
    Port mirroring limitations
    Port mirroring commands
    Port statistics
    System logs
    Auto Unit Replacement (AUR)
    Nortel knowledge and solution engine

General diagnostic tools
    CLI command modes

Initial troubleshooting
    Gather information

Emergency recovery trees
    Corruption of flash
    Incorrect PVID
    Uplink ports not tagged to VLAN
    SNMP
    Stack

Ethernet Routing Switch 2500 Series Troubleshooting NN47215-700 01.01 Standard 30 April 2008
Copyright © 2008 Nortel Networks

Troubleshooting hardware
    Check power
    Check cables
    Check port
    Check fiber port
    Replace unit

Troubleshooting ADAC
    IP phone is not detected
    Correct filtering
    Reload ADAC MAC in range table
    Reduce LLDP devices
    Auto configuration is not applied
    Correct auto configuration
    Check status and number of devices

Troubleshooting authentication
    EAP client authentication
    Restore RADIUS connection
    Enable EAP on The PC
    Apply the method
    Enable EAP globally
    EAP multihost repeated re-authentication issue
    Match EAP-MAC-MAX to EAP users
    Set EAPOL request packet
    EAP RADIUS VLAN is not being applied
    Configure VLAN at RADIUS
    Configure switch
    Configured MAC is not authenticating
    Configure the switch
    NEAP RADIUS MAC not authenticating
    Configure switch
    RADIUS server configuration error
    NEAP MHSA MAC is not authenticating
    Configure switch
    EAP-NEAP unexpected port shutdown
    Configure switch

Legal information

Restricted rights legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice. Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

Nortel Networks software license agreement
This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General
— If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
— Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.
— Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.
— Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
— The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
— This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

New in this release

This is the first standard release of the ERS 2500 series Troubleshooting Guide. This document supports Release 4.1 feature content.

Stacking
The ERS 2500 Series software release v4.1 has the capability to stack up to eight units in a stack. Stacking functionality is available through two methods. First, by purchasing a stack enabled device. These devices have the rear ports set to stacking mode as default in the factory. These devices do not use or require a license for the feature. Second, a standalone unit can have the stacking feature enabled through the use of a Stacking License Kit that includes a license certificate and a License Authorization code (LAC) for use on the Nortel Licensing Portal. The license file unlocks stacking functionality and allows the ports on the rear of the switch to be set to Stacking Mode. The stack enabled units are identifiable through CLI, JDM, or WebUI. It is important to note that stack enabled switches can be stacked regardless of the method by which stacking was enabled on them.

Stacking licensing
There are four variants of Stacking License Kits that are available for standalone switches. Each kit contains a license certificate and LAC. The license file management and generation is through the Nortel Licensing Portal. The instructions are located on the license certificate. The license file is generated, downloaded and installed on each standalone ERS 2500 Series device that requires stacking functionality.

License files can be added and removed from the switch. Should you set a non stack enabled device to default, the license file is removed. There are two cases that may be encountered:
• When the licenses are removed (#clear license) the stack continues to work until the second reset.
• When the stack is reset to default (#boot default) the switches continue to function in stack indefinitely.

The ERS 2500 Series licensing has a more intuitive LAC schema. Stack License Kits are available for 1, 10, 50, or 100 devices. The memo field in the license is also populated as part of the license file generation on the licensing portal.

Figure 1 License Schema

Stacking functionality and rear ports
Stacking mode must be configured on the rear ports before the switches are connected together. There is no auto-detection for the stacking function. The base unit must have the unit select switch set to on.

Figure 2 ERS 2500 rear ports

Each ERS 2500 Series device ships with a 46 cm (1.5 ft) stacking cable. The stacking cable is a black Cat5E cable. Spare stacking cables are available on the price list for additional purchase. Also available for purchase are additional cables of 1.5 m (5 ft) and 3 m (10 ft) and are similar to stack return cables. You are permitted to use your own cables and longer lengths up to 100m. This is at your own risk and is not officially supported by GNTS.

Stack Licensing – rear port mode
The rear ports on the ERS 2500 series are configurable via NNCLI and JDM in ‘config’ mode.

In NNCLI, under PrivExec mode, you can use the following commands:
• default rear-ports mode [unit <1-8>] {standalone | stacking} to set the operating mode. The default is standalone.
• show rear-ports mode displays the operating mode of the rear ports.

Under JDM, the rear ports are grayed out and not selectable in the switch view if the ports are in stacking mode.

Figure 3 ERS 2500 JDM display

Power over Ethernet (POE) limitations
The status for the PoE port can appear incorrectly as InvalidPD rather than detecting. This occurs if the PD detect type on an ERS 2500-PWR is set to 802.3af and legacy while a PoE port on the switch is connected to a non-PoE device. Be aware that this is a hardware limitation that is caused by the capacitive detection method used in the legacy mode (versus resistive/current based detection used in 802.3af compliant mode). Some devices are always errantly detected because they match the capacitive signature, dependent on the environment, cabling, etc.


Introduction

This document is the first troubleshooting guide for the ERS 2500 series software Release v4.1.

This document:
• Describes the diagnostic tools and utilities available for troubleshooting the Nortel ERS 2500 Series products including the Nortel Networks Command Line Interface (NNCLI) and Java Device Manager (JDM).
• Guides you through some common problems to achieve a first tier solution to these situations.
• Advises you what information to compile prior to troubleshooting or calling Nortel for help.

This document assumes that you:
• Have basic knowledge of networks, Ethernet bridging, and IP routing.
• Are familiar with networking concepts and terminology.
• Have basic knowledge of network topologies.
• Have experience with Graphical User Interface (GUI).

Troubleshooting Tools
The ERS 2500 Series products support a range of protocols, utilities, and diagnostic tools that you can use to monitor and analyze traffic, monitor laser operating characteristics, capture and analyze data packets, trace data flows, view statistics, and manage event messages.

Certain protocols and tools are tailored for troubleshooting specific ERS 2500 Series network topologies. Other tools are more general in their application and can be used to diagnose and monitor ingress and egress traffic.


Troubleshooting planning

There are some things you can do to minimize the need for troubleshooting and to plan for doing it as effectively as possible.

First, use the Ethernet Routing Switch 2500 Series Documentation Roadmap to familiarize yourself with the documentation set, so you know where to get information when you need it.

Second, make sure the system is properly installed and maintained so that it operates as expected.

Third, make sure you gather and keep up to date the site map, logical connections, device configuration information, and other data that you will require if you have to troubleshoot.
• A site network map identifies where each device is physically located on your site, which helps locate the users and applications that are affected by a problem. You can use the map to systematically search each part of your network for problems.
• You must know how your devices are connected logically and physically with virtual local area networks (VLAN).
• You should maintain online and paper copies of your device configuration information. Ensure that all online data is stored with your site’s regular data backup. If your site has no backup system, copy the information onto a backup medium and store the backup offsite.
• Store passwords in a safe place. It is a good practice to keep records of your previous passwords in case you must restore a device to a previous software version. You need to use the old password that was valid for that version.
• It is a good practice to maintain a device inventory, which lists all devices and relevant information for your network. Use this inventory to easily see the device types, IP addresses, ports, MAC addresses, and attached devices.
• If your hubs or switches are not managed, you must keep a list of the MAC addresses that correlate to the ports on your hubs and switches.
• Maintain a change-control system for all critical systems. Permanently store change-control records.
• It is a good practice to store the details of all key contacts, such as support contacts, support numbers, engineer details, and telephone and fax numbers. Having this information available during troubleshooting saves you time.

Fourth, understand the normal network behavior so you can be more effective at troubleshooting problems.
• Monitor your network over a period of time sufficient to allow you to obtain statistics and data to see patterns in the traffic flow, such as which devices are typically accessed or when peak usage times occur.
• Use a baseline analysis as an important indicator of overall network health. A baseline view of network traffic as it typically is during normal operation is a reference that you can compare to network traffic data that you capture during troubleshooting. This should speed the process of isolating network problems.

Troubleshooting tools

These are the available troubleshooting tools and their applications.

Port Mirroring
ERS 2500 Series switches have a port mirroring feature that helps you to monitor and analyze network traffic. The port mirroring feature supports both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When port mirroring is enabled, the ingress or egress packets of the mirrored (source) port are forwarded normally and a copy of the packets is sent from the mirrored port to the mirroring (destination) port. You can observe and analyze packet traffic at the mirroring port using a network analyzer. A copy of the packet can be captured and analyzed. Unlike other methods that are used to analyze packet traffic, the packet traffic is uninterrupted and packets flow normally through the mirrored port.

Port mirroring limitations
The ERS 2500 series supports port mirroring in the following three modes:
• Ingress mode (XRX or ->Port X)
• Egress mode (XTX or Port X ->)
• Ingress and Egress Mode (XRX or XTX or <->Port X)

There are limitations to the Egress mode:
• In a stack, both the monitor and mirror port should be on the same unit.
• Port-mirroring mode XTX mirrors egress traffic on the mirrored port but does not mirror control packets generated by the switch. The monitor port does not receive copies of the generated control packets that egress from the mirrored port.

There are also limitations on Ingress and Egress modes. While as a standalone or a stack, the same limitation on the XTX portion also applies to this mode.

Port mirroring commands
Please refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for port mirroring command information. You can use the port mirroring commands to assist in diagnostics and information gathering.

Port statistics
Use port statistics commands to display information on received and transmitted packets at the ports. The ingress and egress counts occur at the MAC layer.

System logs
You can use the syslog messaging feature of the ERS 2500 Series products to manage event messages. The ERS 2500 Series syslog software communicates with a server software component named syslogd that resides on your management workstation.

The daemon syslogd is a software component that receives and locally logs, displays, prints, or forwards messages that originate from sources that are internal and external to the workstation. For example, syslogd software concurrently handles messages received from applications running on the workstation, as well as messages received from an ERS 2500 Series device running in a network accessible to the workstation.

Auto Unit Replacement (AUR)
The Auto Unit Replacement (AUR) feature allows replacement of a failed unit in a stack with a new unit, while retaining the configuration of the previous unit. The stack power must be on during unit replacement. You must understand AUR to replace a failed device in the stack if AUR is enabled.

AUR can be enabled or disabled from the NNCLI and JDM. By default, AUR is enabled.

The new unit must be running the same software and firmware versions as the previous unit but with a different MAC address. If the hardware version of the replaced unit is different from the previous unit, the unit is allowed to join the stack. However, the configuration of the previous unit is not replicated in the new unit.

Nortel knowledge and solution engine
The Knowledge and Solution Engine is a database of Nortel technical documents, troubleshooting solutions, software patches and releases, service cases, and technical bulletins. It is searchable by natural-language query.


General diagnostic tools

The ERS 2500 Series device has diagnostic features available with the JDM, NNCLI, and a Web Interface. You can use these diagnostic tools to help you troubleshoot operational and configuration issues. You can configure and display files, view and monitor port statistics, trace a route, run loopback and ping tests, test the switch fabric, and view the address resolution table.

This document focuses on using the CLI to perform the majority of troubleshooting. You can use the web Interface in cases where the troubleshooting steps require corroborating information to ensure diagnosis.

The command line interface is accessed through either a direct console connection to the switch or by using the Telnet or SSH protocols to connect to the switch remotely.

For purposes of using this document, CLI and NNCLI are interchangeable.

CLI command modes
CLI command modes provide different levels of authority for operation. The CLI has four major command modes, listed in order of increasing privileges:
• User EXEC
• Privileged EXEC
• Global configuration
• Interface configuration

Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for command mode information.

Each mode provides a specific set of commands. The command set of a higher-privilege mode is a superset of a lower-privilege mode. That is, all lower-privilege mode commands are accessible when using a higher-privilege mode.

The command modes are as follows:
• User EXEC mode: The User EXEC mode (also referred to as exec mode) is the default CLI command mode. User EXEC is the initial mode of access when the switch is first turned on and provides a limited subset of CLI commands. This mode is the most restrictive CLI mode and has few commands available.
• Privileged EXEC mode: The Privileged EXEC mode (also referred to as privExec mode) enables the user to perform basic switch-level management tasks, such as downloading software images, setting passwords, and booting the switch. privExec is an unrestricted mode that allows you to view all settings on the switch, and if you are logged in with write access, it also allows you to access all configuration modes and commands that affect operation of the switch (such as downloading images, rebooting, etc.).
• Global configuration mode: The Global Configuration mode (also referred to as config mode) enables the user to set and display general configurations for the switch such as IP address, SNMP parameters, Telnet access, and VLANs.
• Interface configuration mode: The Interface Configuration mode (also referred to as config-if mode) enables the user to configure parameters for each port or VLAN, such as speed, duplex mode, and rate-limiting.

It is possible to move between command modes on a limited basis. This is explained in the Common Procedures section of this document.

Initial troubleshooting

The types of problems that typically occur with networks involve connectivity and performance. It is usually best to follow the Open System Interconnection (OSI) network architecture layers. Confirm that the physical environment, such as the cables and module connections, is operating without any failures before moving up to the network and application layers.

As part of your initial troubleshooting, Nortel recommends that you check the Knowledge and Solution Engine on the Nortel web site for known issues and solutions related to the problem you are experiencing.

Gather information
Before contacting Nortel Technical Support, you must gather information that can help the Technical Support personnel. This includes the following information:
• Default and current configuration of the switch. To do this, you can use the show running-config command.
• System status: Displays technical information about system status and information about the hardware, software, and switch operation output from the show sys-info command. For more detail, use the show tech command.
• Information about past events. To do this, review the log files using the show logging command.
• The software version that is running on the device. To do this, use the show sys-info or show system verbose commands to display the software version.
• A network topology diagram: Get an accurate and detailed topology diagram of your network that shows the nodes and connections. Your planning and engineering function should have this diagram.
• Recent changes: Find out about recent changes or upgrades to your system, your network, or custom applications (for example, has configuration or code been changed?). Get the date and time of the changes, and the names of the persons who made them. Get a list of events that occurred prior to the trouble, such as an upgrade, a LAN change, increased traffic, or installation of new hardware.
• Connectivity information: When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To do this, use these commands:
  — show tech
  — show running-config
  — show port-statistics <port>

Emergency recovery trees

Emergency Recovery Trees (ERT) provide a quick reference for troubleshooting without procedural detail. They are meant to quickly assist you through some common failures for a solution.

Emergency recovery trees
The following work flow contains some typical problems. These situations are not dependent upon each other.

Figure 4 Emergency recovery trees

Navigation
• "Corruption of flash"
• "Incorrect PVID"
• "Uplink ports not tagged to VLAN"
• "SNMP"
• "Stack"

Corruption of flash

Corruption of the switch configuration file can sometimes occur due to a power outage or environmental reasons, which makes the configuration of the box corrupt and non-functional. Initializing of the flash is one way to clear a corrupted configuration file and is required before an RMA.

Corruption of flash recovery tree

Figure 5 Corruption of flash


Incorrect PVID
An issue can occur where clients cannot communicate with critical servers when their ports are put in the wrong VLAN. If the server is plugged into VLAN-3 and the PVID of the port is 2, then loss of communication can occur. This can be verified by checking the PVID of the ports.

Incorrect PVID Recovery Tree
Figure 6 Incorrect PVID


Uplink ports not tagged to VLAN
When an ERS 2500 series switch is connected to an ERS 8600 series switch and devices in a VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 2500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 2500 series switch.

Uplink ports not tagged to VLAN recovery tree

Figure 7 Uplink ports not tagged to VLAN
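An added example, not part of the Nortel guide, that checks a port inventory for the two faults described above: an access port whose PVID differs from the VLAN of the attached device, and an uplink that is not a tagged member of every VLAN in use. The inventory format, port numbers and VLAN IDs are constructed for illustration and are not switch command output.

```python
"""Audit a port/VLAN inventory for PVID mismatches and untagged uplinks."""

# Constructed inventory, NOT real switch output: one port per line as
# "port pvid tagging member-vlans role". All values are illustrative.
SAMPLE_INVENTORY = """\
# port pvid tagging   vlans  role
1      2    untagged  2      access
5      2    untagged  2      access
6      3    untagged  2      access
24     1    untagged  1      uplink
25     1    tagged    1,2,3  uplink
"""

# Constructed intent: the VLAN the device on each access port should be in.
# Port 5 mirrors the case in the text: server in VLAN 3, port PVID 2.
EXPECTED_ACCESS_VLAN = {"1": 2, "5": 3, "6": 3}


def parse_inventory(text):
    """Parse the constructed inventory format into a list of port records."""
    ports = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        name, pvid, tagging, vlans, role = fields
        if tagging not in ("tagged", "untagged") or role not in ("access", "uplink"):
            raise ValueError(f"line {lineno}: bad tagging or role")
        ports.append({
            "port": name,
            "pvid": int(pvid),
            "tagged": tagging == "tagged",
            "vlans": {int(v) for v in vlans.split(",")},
            "uplink": role == "uplink",
        })
    return ports


def audit(ports, expected_access_vlan):
    """Return (port, finding, detail) tuples in inventory order."""
    # Every VLAN that access devices are meant to use must cross each uplink.
    carried = set(expected_access_vlan.values())
    findings = []
    for p in ports:
        if p["uplink"]:
            if not p["tagged"]:
                findings.append((p["port"], "uplink-not-tagged", None))
            missing = sorted(carried - p["vlans"])
            if missing:
                findings.append((p["port"], "uplink-missing-vlans", missing))
            continue
        want = expected_access_vlan.get(p["port"])
        if want is None:
            continue  # no documented intent for this port; nothing to compare
        if p["pvid"] != want:
            findings.append((p["port"], "pvid-mismatch", (p["pvid"], want)))
        if want not in p["vlans"]:
            findings.append((p["port"], "not-member-of-vlan", want))
    return findings


def run_sample():
    return audit(parse_inventory(SAMPLE_INVENTORY), EXPECTED_ACCESS_VLAN)


if __name__ == "__main__":
    for port, kind, detail in run_sample():
        print(f"port {port}: {kind} {'' if detail is None else detail}")
```

A port with the right PVID can still fail the membership check (port 6 in the sample), which is why the audit reports the two conditions separately.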

SNMP

SNMP failure may be the result of an incorrect configuration of the management station or its setup. If you can reach a device but no traps are received, verify the trap configurations (the trap destination address and the traps configured to be sent).

SNMP recovery tree

Figure 8 SNMP

Stack

Stack failure can be the result of a communication error between the individual units due to configuration or cabling. Failures can also arise when there are multiple bases configured.

Stack Recovery Tree

Figure 9 Stack

Troubleshooting hardware

Complete hardware troubleshooting specific to the ERS 2500 series.

Work flow: Troubleshooting hardware

The following work flow assists you to determine the solution for some common hardware problems.

Figure 10 Troubleshooting hardware

Navigation
• "Check power"
• "Check cables"
• "Check port"
• "Check fiber port"
• "Replace unit"

Check power

Confirm power is being delivered to the device.

Task flow: Check power

The following task flow assists you to confirm that the ERS 2500 series device is powered correctly.

Figure 11 Check power

Navigation
• "Correcting voltage source"
• "Ensuring power cord is installed"
• "Observing error report on console"
• "Reloading agent code"
• "Returning unit for repair"

Correcting voltage source

Confirm the power cord is connected to the appropriate voltage source.

Ensuring power cord is installed

Confirm the power cord is properly installed for the device.

Observing error report on console

Interpret the message that is sent to console when it fails.

Procedure Steps
Step  Action
1     View console information and note any details for the RMA.
2     Note the LED status for information:
      • Status LED blinking amber: Power On Self Test (POST) failure
      • Power LED blinking: corrupt flash
--End--

Reloading agent code

Reload the agent code on the ERS 2500 series device to eliminate corrupted or damaged code that causes a partial boot of the device.

CAUTION
Ensure you have adequate backup of your configuration prior to reloading software. Know the current version of your software before reloading it. Loading incorrect software versions may cause further complications.

Procedure Steps
Step  Action
1     Use the show sys-info command to view the software version.
2     Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for software installation.
--End--

Returning unit for repair

Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Check cables

Confirm the stacking cables are correctly connected.

Task flow: Check cables

The following task flow assists you to confirm the stacking cables on the ERS 2500 series device are installed correctly.

Figure 12 Check cables

Navigation
• "Confirming cables are correct type"
• "Reviewing configuration documentation"

Confirming cables are correct type

Ensure the cables are RJ45 connectors. The ERS 2500 series software Release v4.1 supports the use of both straight and crossover Cat5e cabling.

Reviewing configuration documentation

Review the stacking procedures in the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500).

Figure 13 Stack configuration
1. Base unit
2. Cascade cable
3. Cascade cable (used for return)

Check port

Confirm the port and ethernet cable connecting the port are in proper configuration.

Task flow: Check port

The following task flow assists you to check the port and ethernet cables.

Figure 14 Check port

Navigation
• "Viewing port information"
• "Enabling the port"
• "Confirming the cables are working"

Viewing port information

Review the port information to ensure it is enabled.

Procedure Steps
Step  Action
1     Use the show interfaces <port> command to display the port information.
2     Note the port status.
--End--

Enabling the port

Enable the port.

Procedure Steps
Step  Action
1     Go to interface specific mode using the interface fastethernet <port> command.
2     Use the no shutdown command to change the port configuration.
3     Use the show interfaces <port> command to display the port.
4     Note the port administrative status.
--End--

Confirming the cables are working

Ensure that the cables connecting to the port are functioning correctly.

Procedure Steps
Step  Action
1     Go to interface specific mode using the interface fastethernet <port> command.
2     Use the no shutdown command to change the port configuration.
3     Use the show interfaces <port> command to display the port.
4     Note the operational and link status of the port.
--End--

Check fiber port

Confirm the fiber port is working and the cable connecting the port is the proper type.

Task flow: Check fiber port

The following task flow assists you to confirm the fiber port cable is functioning and is of the proper type.

Figure 15 Check fiber port

Navigation
• "Viewing fiber port information"
• "Enabling port"
• "Confirming cables working"
• "Returning unit for repair"

Viewing fiber port information

Review the port information to ensure it is enabled.

Procedure Steps
Step  Action
1     Use the show interfaces <port> command to display the port information.
2     Note the port status.
--End--

Enabling port

Ensure the port on the ERS 2500 series device is enabled.

Procedure Steps
Step  Action
1     Use the no shutdown command to change the port configuration.
2     Use the show interfaces <port> command to display the port information.
3     Note the port status.
--End--

Confirming cables working

Confirm that the cables are working on the port.

Procedure Steps
Step  Action
1     Use the no shutdown command to change the port configuration.
2     Use the show interfaces <port> command to display the port.
3     Note the port operational and link status.
--End--

Returning unit for repair

Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Replace unit

Remove defective unit and insert the replacement.

CAUTION
Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Nortel Ethernet Routing Switch 2500 Series — Regulatory Information (NN47215-100).

The Auto Unit Replacement (AUR) feature allows replacement of a failed unit in a stack with a new unit, while retaining the configuration of the previous unit. The stack power must be on during unit replacement. AUR is not designed for the situation of removing and reinserting the same switch (with the same MAC address).

In order for AUR to function properly, the new unit and the existing units in the stack must all be running the same version of software (Release 4.1 software or later). If AAUR is available (and it is turned on by default in such cases), then the verify software procedures are not required. This is only appropriate if old software is used or AAUR is disabled.

For detailed information regarding AUR refer to Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) Auto Unit Replacement section.

Task flow: Replace unit

The following task flow assists you to replace one of the ERS 2500 series devices.

Figure 16 Replace unit

Navigation
• "Removing failed unit"
• "Verifying software version is correct on new device"
• "Obtaining correct software version"
• "Placing new unit"
• "Connecting stacking cables"
• "Powering on unit"
• "Returning unit for repair"

Removing failed unit

Remove the failed unit from the stack.

Procedure Steps
Step  Action
1     Maintain power to the stack. Do not power down stack.
2     Remove the failed device.
--End--

Verifying software version is correct on new device

Verify that the new device to be inserted has the identical software version.

Procedure Steps
Step  Action
1     Connect the new device to the console, independent of stack connection.
2     Use the show sys-info command to view the software version.
--End--

Obtaining correct software version

Obtain and install correct software version.

CAUTION
Ensure you have adequate backup of your configuration prior to reloading software. Know the proper version of your software before loading it. Loading incorrect software versions may cause further complications.

Procedure Steps
Action
Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for software installation.

Placing new unit

Place the new unit in the stack where the failed unit was connected.

Connecting stacking cables

Reconnect the stacking cables to correctly stack the device.

Procedure Steps
Step  Action
1     Review the stacking section in Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for cabling details.
2     Connect the cables in accordance with physical stack requirements.
--End--

Powering on unit

Energize the unit once it is connected and ready to integrate. There is no requirement to reset the entire stack. The single device being replaced is the only device having such action placed on it.

Procedure Steps
Step  Action
1     Connect the power to the unit.
2     Allow time for the new unit to join the stack and for the configuration of the failed unit to be replicated on the new unit.
3     Confirm that the new unit has reset itself. This confirms that replication has completed.
--End--

Returning unit for repair

Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Troubleshooting ADAC

Automatic Detection and Automatic Configuration (ADAC) can encounter some detection and configuration errors that can be easily corrected.

ADAC clarifications

ADAC VLAN settings are dynamic and are not saved to nonvolatile memory. When ADAC is enabled, all VLAN settings manually made by user on ADAC uplink or telephony ports are dynamic and are not saved to non-volatile memory. When the unit is reset, these settings are lost. ADAC redetects the ports and re-applies the default settings for them.

You do not manually create a VLAN to be used as the voice VLAN and then try to set this VLAN as ADAC voice VLAN using the command adac voice-vlan x. ADAC automatically creates the voice VLAN when needed. There is no requirement to create a voice VLAN manually. You only have to reserve or set the VLAN number used by ADAC with the adac voice-vlan x command.

Once the VLAN number is reserved for ADAC voice-vlan with the adac voice-vlan x command, even if ADAC admin status is disabled or ADAC is in UTF mode, the VLAN number cannot be used by user in regular VLAN creation.

If you enable the LLDP detection mechanism for telephony ports, then LLDP itself has to be enabled on the switch. Otherwise ADAC won't detect any phone.

Work flow: Troubleshooting ADAC

The following work flow assists you to identify the type of problem you are encountering.

Figure 17 Troubleshooting ADAC

Navigation
• "IP phone is not detected"
• "Auto configuration is not applied"

IP phone is not detected

Correct an IP phone that is not being detected by ADAC.

Work flow: IP phone not detected

The following work flow assists you to resolve some detection issues.

Figure 18 IP phone not detected

Navigation
• "Correct filtering"
• "Reload ADAC MAC in range table"
• "Reduce LLDP devices"

Correct filtering

Configure the VLAN filtering to allow ADAC.

Task flow: Correct filtering

The following task flow assists you to correct the filtering.

Figure 19 Correct filtering

Navigation
• "Confirming port belongs to at least one VLAN"
• "Disabling VLAN filter unregistered frames"

Confirming port belongs to at least one VLAN

View information to ensure the port belongs to a VLAN.

Procedure Steps
Step  Action
1     Use the show vlan interface info <port> command to view the details.
2     Note the VLANs listed with the port.
--End--

Disabling VLAN filter unregistered frames

Change the unregistered frames filtering of the VLAN.

Procedure Steps
Step  Action
1     Use the vlan ports <port> filter-unregistered-frames enable command to view the details.
2     Ensure no errors after command execution.
--End--

Reload ADAC MAC in range table

Ensure the ADAC MAC is properly loaded in the range table.

Task flow: Reload ADAC MAC in range table

The following task flow assists you to place the ADAC MAC in the range table.

Figure 20 Reload ADAC MAC in range table

Navigation
• "Disconnecting and reconnecting phone"
• "Disabling and enabling the port"

Disconnecting and reconnecting phone

Remove the phone and then reconnect it to force a reload of the MAC in the range table.

Procedure Steps
Step  Action
1     Follow local procedure to disconnect the phone.
2     Follow local procedures to reconnect the phone.
--End--

Disabling and enabling the port

Disable the ADAC on the port and then enable it to detect the phone. Disabling and re-enabling the port administratively causes the MAC addresses already learned on the respective port to be aged out.

Procedure Steps
Step  Action
1     Use the no adac enable <port> command to disable ADAC.
2     Use the adac enable <port> command to enable ADAC.
--End--

Reduce LLDP devices

Reduce the number of LLDP devices. More than 16 devices may cause detection issues.

Task flow: Reduce LLDP devices

The following task flow assists you to reduce the number of LLDP devices on the system.

Figure 21 Reduce LLDP devices

Navigation
• "Viewing LLDP information"
• "Reducing LLDP enabled devices"

Viewing LLDP information

Display the LLDP devices that are connected to a port.

Procedure Steps
Step  Action
1     Use the show lldp port 1 neighbor command to identify the LLDP devices.
2     Note if there are more than 16 LLDP enabled devices on the port.
--End--

Reducing LLDP enabled devices

Disable the ADAC on the port and then enable it to detect the phone.

Procedure Steps
Step  Action
1     Use the no adac enable <port> command to disable ADAC.
2     Use the adac enable <port> command to enable ADAC.
--End--

Auto configuration is not applied

Correct some common issues that may interfere with auto configuration of devices.

Task flow: Auto configuration is not applied

The following task flow assists you to solve auto configuration issues.

Figure 22 Auto configuration is not applied

Navigation
• "Correct auto configuration"
• "Check status and number of devices"

Correct auto configuration

Tagged frames mode may be causing the problem. In tagged frames mode, everything is configured correctly but auto configuration is not applied on a telephony port.

Task flow: Correct auto configuration

The following task flow assists you to correct the auto configuration.

Figure 23 Correct auto configuration

Navigation
• "Viewing ADAC global status"
• "Configuring another CS/UP"
• "Replacing Unit"

Viewing ADAC global status

Display the global status of ADAC.

Procedure Steps
Step  Action
1     Use the show adac command to display the ADAC information.
2     Note if the oper state is showing as disabled.
--End--

Configuring another CS/UP

Configuring another call server and uplink port can assist the auto configuration.

Procedure Steps
Step  Action
1     Use the adac uplink-port <port> command to assign the uplink port.
2     Use the adac call-server-port <port> command to assign the call server port.
--End--

Replacing Unit

Replace unit to replicate configuration if AUR is enabled.

Procedure Steps
Step  Action
1     Follow the replacement guidelines in the Nortel Ethernet Routing Switch 2500 Series — System Configuration (NN47215-500).
2     Refer to the unit replacement section in the Troubleshooting Hardware section in this document.
--End--

Check status and number of devices

Auto configuration can stop being applied after a unit is removed from the stack.

Task flow: Check status and number of devices

The following task flow assists you to correct the auto configuration.

Figure 24 Check status and number of devices

Navigation
• "Viewing ADAC port status"
• "Reducing the number of devices"
• "Disabling and enabling the port"

Viewing ADAC port status

Display the status of ADAC on the port.

Procedure Steps
Step  Action
1     Use the show adac in <port> command to display the ADAC information for the port.
2     Note if the oper state is disabled and the number of devices connected.
--End--

Reducing the number of devices

Configuring another call server and uplink port can assist the auto configuration.

Procedure Steps
Step  Action
1     Follow local procedures and SOP to reduce the number of devices connected.
2     Use the show adac in <port> command to display the ADAC information for the port to ensure there are fewer than 32 devices connected.
--End--

Disabling and enabling the port

Administratively disable and enable the port to initialize configuration.

Procedure Steps
Step  Action
1     Use the no adac enable <port> command to disable ADAC.
2     Use the adac enable <port> command to enable ADAC.
--End--

Troubleshooting authentication

Authentication issues can interfere with device operation and function. The following work flow contains some common authentication problems.

Work flow: Troubleshooting authentication

The following work flow contains some typical authentication problems. These situations are not dependent upon each other.

Figure 25 Troubleshooting authentication

Navigation
• "EAP client authentication"
• "EAP multihost repeated re-authentication issue"
• "EAP RADIUS VLAN is not being applied"
• "Configured MAC is not authenticating"
• "NEAP RADIUS MAC not authenticating"
• "NEAP MHSA MAC is not authenticating"
• "EAP-NEAP unexpected port shutdown"

EAP client authentication

This section provides troubleshooting guidelines for the EAP and NEAP features on the ERS 2500 Series devices.

Work flow: EAP client is not authenticating

The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected.

Figure 26 EAP client is not authenticating

Navigation
• "Restore RADIUS connection"
• "Enable EAP on The PC"
• "Apply the method"
• "Enable EAP globally"

Restore RADIUS connection

Ensure that the RADIUS server has connectivity to the device.

Task flow: Restore RADIUS connection

The following task flow assists you to restore the connection to the RADIUS server.

Figure 27 Restore RADIUS connection

Navigation
• "Getting correct RADIUS server settings for the switch"
• "Viewing RADIUS information"
• "Configuring the RADIUS server settings"
• "Pinging the RADIUS server"

Getting correct RADIUS server settings for the switch

This section provides troubleshooting guidelines for obtaining the RADIUS server settings.

Procedure Steps
Step  Action
1     Obtain network information for the RADIUS server from the Planning and Engineering documentation.
2     Follow vendor documentation to set the RADIUS authentication method MD5.
--End--

Viewing RADIUS information

Review the RADIUS server settings in the device.

Procedure Steps
Step  Action
1     Use the show radius-server command to view the RADIUS server settings.
2     Refer to the vendor documentation for server configuration.
--End--

Configuring the RADIUS server settings

The RADIUS server settings are to be set correctly for the network. Follow vendor documentation to set the RADIUS server settings. The default server port is 1812/UDP. Older servers may use 1645/UDP. Some older servers do not support UDP.

Reconfiguring the shared secret

The shared secret is to be reset in case there was any corruption.

Procedure Steps
Step  Action
1     Use the radius-server key command.
2     Refer to the vendor documentation for server configuration.
--End--

Pinging the RADIUS server

Ping the RADIUS server to ensure connection exists.

Procedure Steps
Step  Action
1     Use the ping <server IP> command to ensure connection.
2     Observe no packet loss to confirm connection.
--End--

Enable EAP on The PC

The PC has to have an EAP enabled device that is correctly configured.

Task flow: Enable EAP on the PC

The following task flow assists you to ensure the PC network card has EAP enabled.

Figure 28 Enable EAP on the PC

Navigation
• "Enabling EAP on PC network card"

Enabling EAP on PC network card

The PC must have the correct hardware and configuration to support EAP.

Procedure Steps
Step  Action
1     Reference vendor documentation for PC and network card.
2     Ensure card is enabled.
3     Ensure card is configured to support EAP.
--End--

Apply the method

The correct EAP method needs to be applied.

Task flow: Apply the method

The following task flow assists you to apply the correct EAP method.

Figure 29 Apply the method

Navigation
• "Configuring the RADIUS server"

Configuring the RADIUS server

The RADIUS server is to be configured to authenticate using MD5.

Procedure Steps
Step  Action
1     Obtain Network information for Radius Server from Planning and Engineering.
2     Save the information for reference.
--End--

Enable EAP globally

EAP is to be globally enabled on the ERS 2500 series device.

Task flow: Enable EAP globally

The following task flow assists you to enable EAP globally on the ERS 2500 series device.

Figure 30 Enable EAP globally

Navigation
• "Enabling EAP globally"
• "Viewing EAPOL settings"
• "Setting EAPOL port administrative status to auto"

Enabling EAP globally

The EAP is to be globally enabled on the ERS 2500 series device.

Procedure Steps
Step  Action
1     Use the eapol enable command to enable EAP globally on the ERS 2500 series device.
2     Observe no errors after command execution.
--End--

Viewing EAPOL settings

The EAPOL settings are to be reviewed to ensure EAP is enabled.

Procedure Steps
Step  Action
1     Use the show eapol port <port#> command to display the information.
2     Observe the output.
--End--

Setting EAPOL port administrative status to auto

The port is to be included in the port list.

Procedure Steps
Step  Action
1     Use the eapol status auto command to change the port status to auto.
2     Observe no errors after the command execution.
--End--
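Why a corrupted shared secret (see "Reconfiguring the shared secret" above) breaks authentication, as an added example that is not part of the Nortel guide: it computes the RADIUS Response Authenticator defined in RFC 2865 and checks a reply the way a RADIUS client must, and RFC 2865 says replies that fail this check are silently discarded. The secrets, identifier, Request Authenticator and attribute value are constructed; this concerns the RADIUS shared secret, not the EAP method.

```python
"""RADIUS Response Authenticator check (RFC 2865, section 3)."""
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2    # packet code from RFC 2865
REPLY_MESSAGE = 18   # attribute type from RFC 2865


def attribute(attr_type, value):
    """Encode one attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value must be 0..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def response_authenticator(code, identifier, request_auth, attributes, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_reply(code, identifier, request_auth, attributes, secret):
    """What the server sends: header, Response Authenticator, attributes."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    auth = response_authenticator(code, identifier, request_auth, attributes, secret)
    return header + auth + attributes


def check_reply(packet, identifier, request_auth, secret):
    """Classify a reply before any of its attributes are trusted."""
    if len(packet) < 20:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "malformed"
    if ident != identifier:
        return "identifier-mismatch"
    packet = packet[:length]  # octets past Length are padding and are ignored
    expected = response_authenticator(code, ident, request_auth, packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "authenticator-mismatch"
    return "ok"


def demo():
    """Server and client secrets differ by one trailing space (constructed)."""
    server_secret = b"constructed-shared-secret"
    corrupted_secret = b"constructed-shared-secret "
    request_auth = bytes(range(16))  # constructed; real clients use random octets
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth,
                        attribute(REPLY_MESSAGE, b"welcome"), server_secret)
    return {
        "matching": check_reply(reply, 7, request_auth, server_secret),
        "corrupted": check_reply(reply, 7, request_auth, corrupted_secret),
        "truncated": check_reply(reply[:10], 7, request_auth, server_secret),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Because the server still answers, a ping test passes in this situation; only the authenticator check reveals that the two sides hold different secrets.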

Figure 31 EAP multihost repeated re-authentication issue Navigation • • "Match EAP-MAC-MAX to EAP users" (page 76) "Set EAPOL request packet" (page 78) Match EAP-MAC-MAX to EAP users Lower the eap-mac-max to the exact number of EAP users that may soon enter when the number of authenticated users reaches the allowed maximum in order to halt soliciting EAP users with multicast requests.01 Standard 30 April 2008 Copyright © 2008 Nortel Networks . EAP multihost repeated re-authentication issue The following work flow assists you to determine the cause and solution of an EAP multihost has repeated authentication. Ethernet Routing Switch 2500 Series Troubleshooting NN47215-700 01.76 Troubleshooting authentication EAP multihost repeated re-authentication issue Eliminate the multiple authentication of users. .

Figure 32 Match EAP-MAC-MAX to EAP users Navigation • • "Identifying number users at allowed max" (page 77) "Lowering EAP max MAC" (page 77) Identifying number users at allowed max Obtain the exact number of eap-users that may soon enter when the number of authenticated users reaches the allowed max. Lowering EAP max MAC Lower the mac-max value to match the users.EAP multihost repeated re-authentication issue 77 Task flow: Match EAP-MAC-MAX to EAP users The following task flow assists you to match the EAP-MAC-MAX to the number of EAP users. Ethernet Routing Switch 2500 Series Troubleshooting NN47215-700 01. . Procedure Steps Action Use the show eapol multihost status command to display the authenticated users.01 Standard 30 April 2008 Copyright © 2008 Nortel Networks .

Procedure Steps

Step  Action
1     Use the eapol multihost eap-mac-max command to set the mac-max value.
2     Observe no errors after execution.

--End--

Set EAPOL request packet
Change the request packet generation to unicast.

Task flow: Set EAPOL request packet
The following task flow assists you to set the EAPOL request packet for unicast.

Figure 33 Set EAPOL request packet

Navigation

• "Setting EAPOL request packet globally"
• "Setting EAPOL request packet per port"

Setting EAPOL request packet globally
Globally change the EAPOL request packet from multicast to unicast.

Procedure Steps

Step  Action
1     Use the eapol multihost eap-packet-mode unicast command to set the EAPOL request packet to unicast.
2     Observe no errors after execution.

--End--

Setting EAPOL request packet per port
Change the EAPOL request packet from multicast to unicast for a specific port.

Procedure Steps

Step  Action
1     Enter the interface configuration mode.
2     Use the eapol multihost eap-packet-mode unicast command to set the EAPOL request packet to unicast for the interface.

--End--

EAP RADIUS VLAN is not being applied
Ensure that the RADIUS VLAN is applied correctly to support EAP.

Work flow: EAP RADIUS VLAN is not being applied
The following work flow assists you to determine the cause and solution when the RADIUS VLAN is not being applied.

Figure 34 EAP Radius VLAN is not being applied

Navigation

• "Configure VLAN at RADIUS"
• "Configure switch"

Configure VLAN at RADIUS
Correct any discrepancy at the RADIUS server for the VLAN information.

Task flow: Configure VLAN at RADIUS
The following task flow assists you to ensure the VLAN is configured at the RADIUS server.

Figure 35 Configure VLAN at RADIUS

Navigation

• "Getting correct RADIUS server settings"
• "Viewing RADIUS information"
• "Configuring RADIUS"

Getting correct RADIUS server settings
This section provides troubleshooting guidelines to obtain what the RADIUS server settings are to be.

Procedure Steps

Step  Action
1     Obtain network information from Planning and Engineering documentation to locate server information.

2     Obtain network information for RADIUS server.

--End--

Viewing RADIUS information
Obtain the radius information to identify its settings. Use vendor documentation to obtain settings display.

Configuring RADIUS
Configure the RADIUS server with the correct VLAN information. Use vendor documentation to make the required changes. There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUS assigned VLANs. It is the same for all RADIUS vendors.

• Tunnel-Medium-Type – 802
• Tunnel-Pvt-Group-ID – <VLAN ID>
• Tunnel-Type – Virtual LANs (VLAN)

Configure switch
The VLAN has to be configured correctly on the ERS 2500 series device.

Task flow: Configure switch
The following task flow assists you to configure the VLAN on the device.
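The three attributes listed under Configuring RADIUS can be checked in a captured Access-Accept before changing anything on the switch. The Python code below is an added example, not part of the Nortel guide: the attribute numbers (64, 65, 81), the values 13 and 6, and the tag-octet layout are taken from RFC 2868 and RFC 3580, where Tunnel-Pvt-Group-ID is named Tunnel-Private-Group-ID, and the sample packets are constructed.

```python
import struct

# Attribute numbers and values come from RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6   # Tunnel-Type "VLAN", Tunnel-Medium-Type "802"
ACCESS_ACCEPT = 2

def parse_attributes(packet):
    """Return [(type, value), ...] from a RADIUS Access-Accept (authenticator not verified)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept (code %d)" % code)
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs

def tagged_int(value):
    """Tunnel-Type and Tunnel-Medium-Type: one tag octet, then a 3-octet integer."""
    if len(value) != 4:
        raise ValueError("expected a 4-octet tagged integer")
    return int.from_bytes(value[1:], "big")

def group_id(value):
    """Tunnel-Private-Group-ID: optional tag octet (0x00-0x1F), then a string."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return value.decode("ascii", errors="replace").strip()

def check_vlan_assignment(packet, expected_vlan):
    """List what is wrong with the VLAN attributes; [] means all three are right."""
    seen = {}
    for attr_type, value in parse_attributes(packet):
        seen.setdefault(attr_type, value)   # first instance of each attribute wins
    checks = (
        (TUNNEL_TYPE, "Tunnel-Type", tagged_int, VLAN),
        (TUNNEL_MEDIUM_TYPE, "Tunnel-Medium-Type", tagged_int, IEEE_802),
        (TUNNEL_PRIVATE_GROUP_ID, "Tunnel-Private-Group-ID", group_id, str(expected_vlan)),
    )
    problems = []
    for attr_type, name, decode, wanted in checks:
        if attr_type not in seen:
            problems.append("%s missing" % name)
        elif decode(seen[attr_type]) != wanted:
            problems.append("%s is %r, expected %r" % (name, decode(seen[attr_type]), wanted))
    return problems

# Constructed sample replies (zeroed authenticator, not a real capture).
def make_attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def make_accept(*attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

TYPE_OK = make_attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
MEDIUM_OK = make_attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
GOOD = make_accept(TYPE_OK, MEDIUM_OK, make_attr(81, b"20"))
NO_MEDIUM = make_accept(TYPE_OK, make_attr(81, b"20"))
WRONG_VLAN = make_accept(TYPE_OK, MEDIUM_OK, make_attr(81, b"\x01" + b"30"))  # tagged value

if __name__ == "__main__":
    for label, pkt in (("GOOD", GOOD), ("NO_MEDIUM", NO_MEDIUM), ("WRONG_VLAN", WRONG_VLAN)):
        print(label, check_vlan_assignment(pkt, 20) or "ok")
```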

Figure 36 Configure switch task

Navigation

• "Showing EAPOL multihost"
• "Enabling use of RADIUS assigned VLANs"
• "Showing EAPOL multihost interface"
• "Showing VLAN config control"
• "Changing VLAN config from strict to flexible"
• "Showing spanning tree"
• "Adding RADIUS assigned VLAN to desired STG"

Showing EAPOL multihost
Identify the EAPOL multihost information.

Procedure Steps

Step  Action
1     Use the show eapol multihost command to display the multihost information.
2     Note the state of Allow Use of RADIUS Assigned VLANs.

--End--

Enabling use of RADIUS assigned VLANs
Change the allow RADIUS assigned VLAN to enable.

Procedure Steps

Step  Action
1     Use the eapol multihost use-radius-assigned-vlan command to allow the use of VLAN IDs assigned by RADIUS.
2     Observe no errors after execution.

--End--

Showing EAPOL multihost interface
Display the EAPOL Interface.

Procedure Steps

Step  Action
1     Use the show eapol multihost interface <port#> command to display the interface information.
2     Note the status of ALLOW RADIUS VLANs.

--End--

Showing VLAN config control
Display the VLAN config control information.

Procedure Steps

Step  Action
1     Use the show vlan config control command to display the information.

2     Identify if config control is set to strict.

--End--

Changing VLAN config from strict to flexible
Set the VLAN config control to flexible to avoid complications with strict.

Procedure Steps

Step  Action
1     Use the vlan config control flexible command to set the VLAN config control to flexible.
2     Observe no errors after execution.

--End--

Showing spanning tree
Display the VLANs added to the desired STG.

Procedure Steps

Step  Action
1     Use the show spanning-tree stp <1-8> vlans command to display the information.
2     Identify if RADIUS assigned VLAN and original VLAN are in the same STG.

--End--

Adding RADIUS assigned VLAN to desired STG
Configure the VLAN that was assigned by RADIUS to the correct Spanning Tree Group. If the RADIUS assigned VLAN and the original VLAN are in the same STG, the EAP enabled port is moved to the RADIUS assigned VLAN after EAP authentication succeeds.

Procedure Steps

Step  Action
1     Use the spanning-tree stp <1-8> vlans command to make the change.

2     Review output to identify that the change was made.

--End--

Configured MAC is not authenticating
Correct a MAC to allow authentication.

Work flow: Configured MAC is not authenticating
The following work flow assists you to determine the cause and solution of a configured MAC that does not authenticate as expected.

Figure 37 Configured MAC is not authenticating

Navigation

• "Configure the switch"

Configure the switch
Configure the switch with the correct settings to ensure the MAC is authenticating.

Task flow: Configure the switch
The following task flow assists you to ensure the MAC is authenticating on the ERS 2500 series device.

Figure 38 Configure the switch

Navigation

• "Showing EAPOL port"
• "Setting global EAP enabled and port at eap-auto"
• "Showing EAPOL multihost"
• "Enabling allow Non-EAPOL clients"
• "Showing EAPOL multihost interface"
• "Enabling multihost status and allow non-EAPOL clients"
• "Showing EAPOL multihost non-eap-mac interface"
• "Ensuring MAC in the list"

Showing EAPOL port
Display the EAPOL port information.

Procedure Steps

Step  Action
1     Use the command show eapol port <port> to display the port information.
2     Note that EAP is to be enabled globally, and port at EAP is set to auto.

--End--

Setting global EAP enabled and port at eap-auto
Make the corrections to ensure the settings are as required.

Procedure Steps

Step  Action
1     Use the eapol enable command to enable EAP globally.
2     Use the eapol status auto command to change port status to auto.

--End--

Showing EAPOL multihost
Display the EAPOL multihost information.

Procedure Steps

Step  Action
1     Enter the show eapol multihost command to display the information.
2     Note that Allow Non-EAPOL clients is enabled.

--End--

Enabling allow Non-EAPOL clients
Correct the Non-EAPOL client attribute.

Procedure Steps

Step  Action
1     Use the eapol multihost allow-non-eap-enable command to enable.

2     Observe no errors after execution.

--End--

Showing EAPOL multihost interface
Display the EAPOL multihost interface information.

Procedure Steps

Step  Action
1     Enter the show eapol multihost interface <port#> command to display the information.
2     Note that Multihost status is enabled.
3     Note that Allow Non-EAPOL clients is enabled.

--End--

Enabling multihost status and allow non-EAPOL clients
Correct the Non-EAP client attribute.

Procedure Steps

Step  Action
1     Use the eapol multihost allow-non-eap-enable command to enable.
2     Use the eapol multihost enable command to enable multihost status.

--End--

Showing EAPOL multihost non-eap-mac interface
Display the EAPOL multihost interface information.

Procedure Steps

Step  Action
1     Enter the show eapol multihost non-eap-mac interface <port> command to display the information.
2     Note the MAC is in the list.

--End--

Ensuring MAC in the list
Add the MAC to the list in case it was omitted.

Procedure Steps

Step  Action
1     Use the show eapol multihost non-eap-mac status <port> command to view MAC addresses.
2     Use the eapol multihost non-eap-mac <H.H.H> <port> command to add a MAC address to the list.

--End--

NEAP RADIUS MAC not authenticating
Correct a NEAP RADIUS MAC that is not authenticating.

Work flow: NEAP RADIUS MAC not authenticating
The following work flow assists you to determine the cause of and solution for a RADIUS MAC that does not authenticate.

Figure 39 NEAP RADIUS MAC not authenticating

Navigation

• "Configure switch"
• "RADIUS server configuration error"

Configure switch
Correct the switch configuration to resolve the issue with the RADIUS MAC.

Task flow: Configure switch
The following task flow assists you to configure the ERS 2500 series device to correct the RADIUS MAC issue.

Figure 40 Configure switch

Navigation

• "Displaying EAPOL port"
• "Setting global eap enabled and port at eap-auto"
• "Displaying EAPOL multihost"
• "Enabling RADIUS to authenticate non-EAPOL clients"
• "Formatting non-EAPOL RADIUS password attribute"
• "Displaying EAPOL multihost interface"
• "Enabling RADIUS To Auth Non-EAP MACs"

Displaying EAPOL port
Display the EAPOL port information for review.

Procedure Steps

Step  Action
1     Enter the show eapol port <port#> command to display the information.
2     Note the global eap is enabled and port is eap-auto.

--End--

Setting global eap enabled and port at eap-auto
Make the required changes to ensure the settings are correct.

Procedure Steps

Step  Action
1     Use the eapol enable command to enable EAP globally.
2     Use the eapol status auto command to change port status to auto.

--End--

Displaying EAPOL multihost
Display the EAPOL Multihost information for review.

Procedure Steps

Step  Action
1     Enter the show eapol port multihost command to display the information.
2     Note the following:
      • Use RADIUS To Authenticate NonEAPOL Clients is enabled
      • Non-EAPOL RADIUS Password Attribute Format: IpAddr.MACAddr.PortNumber

--End--

Enabling RADIUS to authenticate non-EAPOL clients
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

Formatting non-EAPOL RADIUS password attribute
Make the required changes on the RADIUS server to the password format. RADIUS server is to have the format changed to IpAddr.MACAddr.PortNumber.

Displaying EAPOL multihost interface
Display the EAPOL Multihost information for review.

Procedure Steps

Step  Action
1     Enter the show eapol multihost interface <port#> command to display the information.
2     Verify the following:
      • Use RADIUS To Authenticate Non EAP MACs is enabled

--End--

Enabling RADIUS To Auth Non-EAP MACs
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

RADIUS server configuration error
The RADIUS server requires that the correct MAC address and password for the ERS 2500 series device be configured.

Task flow: RADIUS server configuration error
The following task flow assists you to configure the RADIUS server with the correct MAC and password.

Figure 41 RADIUS server configuration error

Navigation

• "Configuring MAC and password on RADIUS server"

Configuring MAC and password on RADIUS server
The RADIUS server requires that the MAC and password for the ERS 2500 series device be correct. If they are not correct, the ERS 2500 series device may not authenticate. Reference the vendor documentation for the RADIUS server.

NEAP MHSA MAC is not authenticating
Ensure that the switch is configured correctly.

Work flow: NEAP MHSA MAC is not authenticating
The following work flow assists you to determine the solution for an MHSA MAC not authenticating.

Figure 42 NEAP MHSA MAC is not authenticating

Navigation

• "Configure switch"

Configure switch
Configure the switch to enable MHSA.

Task flow: Configure switch
The following task flow assists you to enable MHSA on the ERS 2500 series device.

Figure 43 Configure switch

Navigation

• "Showing EAPOL port"
• "Setting global EAP enabled and port at eap-auto"
• "Showing EAPOL multihost"
• "Formatting non-EAPOL RADIUS password attribute"
• "Showing EAPOL multihost interface"
• "Enabling RADIUS to auth non-EAP MACs"

Showing EAPOL port
Display the EAPOL port information for review.

Procedure Steps

Step  Action
1     Enter the show eapol port <port#> command to display the information.
2     Note the global eap is enabled and port is eap-auto.

--End--

Setting global EAP enabled and port at eap-auto
Make the required changes to ensure the settings are correct.

Procedure Steps

Step  Action
1     Use the eapol enable command to enable EAP globally.
2     Use the eapol status auto command to change port status to auto.

--End--

Showing EAPOL multihost
Display the EAPOL Multihost information for review.

Procedure Steps

Step  Action
1     Enter the show eapol port multihost command to display the information.
2     Note the following:
      • Use RADIUS To Authenticate NonEAPOL Clients is enabled

--End--

Formatting non-EAPOL RADIUS password attribute
Make the required changes on the RADIUS server to the password format. Use vendor documentation to make required changes on RADIUS server to change the format to IpAddr.MACAddr.PortNumber.

Enabling RADIUS to Authenticate NON-EAPOL Clients
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

Showing EAPOL multihost interface
Display the EAPOL Multihost information for review.

Procedure Steps

Step  Action
1     Enter the show eapol multihost interface <port#> command to display the information.
2     Note the following:
      • Allow Auto Non-EAP MHSA: Enabled

--End--

Enabling RADIUS to auth non-EAP MACs
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

EAP-NEAP unexpected port shutdown
Identify the reason for the port shutdown and make configuration changes to avoid future problems.

Work flow: EAP-NEAP unexpected port shutdown
The following work flow assists you to determine the solution for EAP-NEAP ports experiencing a shutdown.

Figure 44 EAP-NEAP unexpected port shutdown

Navigation

• "Configure switch"

Configure switch
Configure ports to allow more unauthorized clients.

Task flow: Configure switch
The following task flow assists you to allow an increased number of unauthorized clients on the ports.

Figure 45 Configure switch

Navigation

• "Showing Logs"
• "Showing EAP-NEAP clients on port"
• "Showing EAPOL port information"
• "Making changes"

Showing Logs
Display the log to obtain any additional detailed information.

Procedure Steps

Step  Action
1     Use the show logging command to display the log.
2     Observe the log output and note any anomalies.

--End--

Showing EAP-NEAP clients on port
Display EAP-NEAP client information on the port to provide additional information.

Procedure Steps

Step  Action
1     Use the show mac-address-table command to show the clients on the port.
2     Observe the log output and note any anomalies.

--End--

Showing EAPOL port information
Display EAPOL port information to obtain any additional detailed information.

Procedure Steps

Step  Action
1     Use the show mac-address-table command to show the clients on the port.
2     Observe the log output and note any anomalies.

--End--

Making changes
This section provides troubleshooting guidelines for changing the EAP settings. It may clean up old MACs.

Procedure Steps

Step  Action
1     Use the eap-force-unauthorised command to set the administrative state of the port to forced unauthorized.
2     Use the shut/no shut commands in the Interface Exec Mode.
3     Use the eapol status auto command to change to eap-auto to start.

--End--

Ethernet Routing Switch 2500 Series
Troubleshooting

Copyright © 2008 Nortel Networks. All Rights Reserved.
Printed in Canada

Release: 4.1
Publication: NN47215-700
Document status: Standard
Document revision: 01.01
Document release date: 06 May 2008

To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.

www.nortel.com