
Ethernet Routing Switch 2500 Series

Troubleshooting
Release: 4.1 Document Revision: 01.01

www.nortel.com

NN47215-700

324605-A

Ethernet Routing Switch 2500 Series
Release: 4.1
Publication: NN47215-700
Document status: Standard
Document release date: 06 May 2008

Copyright © 2008 Nortel Networks
All Rights Reserved.
Sourced in Canada

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document.

This document is protected by copyright laws and international treaties. All information, copyrights and any other intellectual property rights contained in this document are the property of Nortel Networks. Except as expressly authorized in writing by Nortel Networks, the holder is granted no rights to use the information contained herein and this document shall not be published, copied, produced or reproduced, modified, translated, compiled, distributed, displayed or transmitted, in whole or part, in any form or media.

Sourced in Canada, the United States of America, and India.

*Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners.

ATTENTION: Before troubleshooting the Ethernet Routing Switch 2500 Series, ensure you read the legal statements in the first chapter of this guide.

Ethernet Routing Switch 2500 Series Troubleshooting NN47215-700 01.01 Standard 30 April 2008
Copyright © 2008 Nortel Networks

Contents

Legal information
  Restricted rights legend
  Statement of conditions
  Nortel Networks software license agreement

New in this release
  Stacking
  Stacking licensing
  Stacking functionality and rear ports
  Stack Licensing – rear port mode
  Power over Ethernet (POE) limitations

Introduction

Troubleshooting planning

Troubleshooting tools
  Port Mirroring
  Port mirroring limitations
  Port mirroring commands
  Port statistics
  System logs
  Auto Unit Replacement (AUR)
  Nortel knowledge and solution engine

General diagnostic tools
  CLI command modes

Initial troubleshooting
  Gather information

Emergency recovery trees
  Corruption of flash
  Incorrect PVID
  Uplink ports not tagged to VLAN
  SNMP
  Stack

Troubleshooting hardware
  Check power
  Check cables
  Check port
  Check fiber port
  Replace unit

Troubleshooting ADAC
  IP phone is not detected
  Correct filtering
  Reload ADAC MAC in range table
  Reduce LLDP devices
  Auto configuration is not applied
  Correct auto configuration
  Check status and number of devices

Troubleshooting authentication
  EAP client authentication
  Restore RADIUS connection
  Enable EAP on The PC
  Apply the method
  Enable EAP globally
  EAP multihost repeated re-authentication issue
  Match EAP-MAC-MAX to EAP users
  Set EAPOL request packet
  EAP RADIUS VLAN is not being applied
  Configure VLAN at RADIUS
  Configure switch
  Configured MAC is not authenticating
  Configure the switch
  NEAP RADIUS MAC not authenticating
  Configure switch
  RADIUS server configuration error
  NEAP MHSA MAC is not authenticating
  Configure switch
  EAP-NEAP unexpected port shutdown
  Configure switch

Legal information

Restricted rights legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice. Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).

Nortel Networks software license agreement
This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General
— If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
— Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.
— Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.
— Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
— The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
— This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

New in this release
This is the first standard release of the ERS 2500 series Troubleshooting Guide. This document supports Release 4.1 feature content.

Stacking
The ERS 2500 Series software release v4.1 has the capability to stack up to eight units in a stack. Stacking functionality is available through two methods. First, by purchasing a stack enabled device. These devices have the rear ports set to stacking mode as default in the factory. These devices do not use or require a license for the feature. The stack enabled units are identifiable through CLI, JDM, or WebUI. Second, a standalone unit can have the stacking feature enabled through the use of a Stacking License Kit that includes a license certificate and a License Authorization code (LAC) for use on the Nortel Licensing Portal. It is important to note that stack enabled switches can be stacked regardless of the method the stacking was enabled on them.

Stacking licensing
There are four variants of Stacking License Kits that are available for standalone switches. Each kit contains a license certificate and LAC. The instructions are located on the license certificate. The license file management and generation is through the Nortel Licensing Portal. The license file is generated, downloaded and installed on each standalone ERS 2500 Series device that requires stacking functionality. The license file unlocks stacking functionality and allows the ports on the rear of the switch to be set to Stacking Mode. License files can be added and removed from the switch. Should you set a non stack enabled device to default, the license file is removed. There are two cases that may be encountered. First, when the licenses are removed (#clear license) the stack continues to work until the second reset. Second, when the stack is reset to default (#boot default) the switches continue to function in stack indefinitely.

Stack License Kits are available for 1, 10, 50, or 100 devices. The ERS 2500 Series licensing has a more intuitive LAC schema. The memo field in the license is also populated as part of the license file generation on the licensing portal.

Figure 1 License Schema

Stacking functionality and rear ports
Stacking mode must be configured on the rear ports before the switches are connected together. There is no auto-detection for the stacking function. The base unit must have the unit select switch set to on.

Figure 2 ERS 2500 rear ports

Each ERS 2500 Series device ships with a 46 cm (1.5 ft) stacking cable. The stacking cable is a black Cat5E cable. Spare stacking cables are available on the price list for additional purchase. Also available for purchase are additional cables of 1.5 m (5 ft) and 3 m (10 ft) and are similar to stack return cables. You are permitted to use your own cables and longer lengths up to 100m. This is at your own risk and is not officially supported by GNTS.

Stack Licensing – rear port mode
The rear ports on the ERS 2500 series are configurable via NNCLI and JDM in ‘config’ mode.

In NNCLI, under PrivExec mode, you can use the following commands:
• default rear-ports mode [unit <1-8>] {standalone | stacking} to set the operating mode. The default is standalone.
• show rear-ports mode displays the operating mode of the rear ports.

Under JDM, the rear ports are grayed out and not selectable in the switch view if the ports are in stacking mode.

Figure 3 ERS 2500 JDM display

Power over Ethernet (POE) limitations
The status for the PoE port can appear incorrectly as InvalidPD rather than detecting. This occurs if the PD detect type on an ERS 2500-PWR is set to 802.3af and legacy while a PoE port on the switch is connected to a non-PoE device. Be aware that this is a hardware limitation that is caused by the capacitive detection method used in the legacy mode (versus resistive/current based detection used in 802.3af compliant mode). Some devices are always errantly detected because they match the capacitive signature, dependent on the environment, cabling, etc.

Introduction
This document is the first troubleshooting guide for the ERS 2500 series software Release v4.1.

This document:
• Describes the diagnostic tools and utilities available for troubleshooting the Nortel ERS 2500 Series products including the Nortel Networks Command Line Interface (NNCLI) and Java Device Manager (JDM).
• Guides you through some common problems to achieve a first tier solution to these situations.
• Advises you what information to compile prior to troubleshooting or calling Nortel for help.

This document assumes that you:
• Have basic knowledge of networks, ethernet bridging, and IP routing.
• Are familiar with networking concepts and terminology.
• Have experience with Graphical User Interface (GUI).
• Have basic knowledge of network topologies.

Troubleshooting Tools
The ERS 2500 Series products support a range of protocols, utilities, and diagnostic tools that you can use to monitor and analyze traffic, monitor laser operating characteristics, capture and analyze data packets, trace data flows, view statistics, and manage event messages. Certain protocols and tools are tailored for troubleshooting specific ERS 2500 Series network topologies. Other tools are more general in their application and can be used to diagnose and monitor ingress and egress traffic.

Troubleshooting planning
There are some things you can do to minimize the need for troubleshooting and to plan for doing it as effectively as possible.

First, use the Ethernet Routing Switch 2500 Series Documentation Roadmap to familiarize yourself with the documentation set, so you know where to get information when you need it.

Second, make sure the system is properly installed and maintained so that it operates as expected.

Third, make sure you gather and keep up to date the site map, logical connections, device configuration information, and other data that you will require if you have to troubleshoot.
• A site network map identifies where each device is physically located on your site, which helps locate the users and applications that are affected by a problem. You can use the map to systematically search each part of your network for problems.
• You must know how your devices are connected logically and physically with virtual local area networks (VLAN).
• You should maintain online and paper copies of your device configuration information. Ensure that all online data is stored with your site’s regular data backup. If your site has no backup system, copy the information onto a backup medium and store the backup offsite.
• Store passwords in a safe place. It is a good practice to keep records of your previous passwords in case you must restore a device to a previous software version. You need to use the old password that was valid for that version.
• It is a good practice to maintain a device inventory, which lists all devices and relevant information for your network. Use this inventory to easily see the device types, IP addresses, ports, MAC addresses, and attached devices.
• If your hubs or switches are not managed, you must keep a list of the MAC addresses that correlate to the ports on your hubs and switches.
• Maintain a change-control system for all critical systems. Permanently store change-control records.
• It is a good practice to store the details of all key contacts, such as support contacts, support numbers, engineer details, and telephone and fax numbers. Having this information available during troubleshooting saves you time.

Fourth, understand the normal network behavior so you can be more effective at troubleshooting problems.
• Monitor your network over a period of time sufficient to allow you to obtain statistics and data to see patterns in the traffic flow, such as which devices are typically accessed or when peak usage times occur.
• Use a baseline analysis as an important indicator of overall network health. A baseline view of network traffic as it typically is during normal operation is a reference that you can compare to network traffic data that you capture during troubleshooting. This should speed the process of isolating network problems.

Troubleshooting tools
These are the available troubleshooting tools and their applications.

Port Mirroring
ERS 2500 Series switches have a port mirroring feature that helps you to monitor and analyze network traffic. The port mirroring feature supports both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When port mirroring is enabled, the ingress or egress packets of the mirrored (source) port are forwarded normally and a copy of the packets is sent from the mirrored port to the mirroring (destination) port. You can observe and analyze packet traffic at the mirroring port using a network analyzer. A copy of the packet can be captured and analyzed. Unlike other methods that are used to analyze packet traffic, the packet traffic is uninterrupted and packets flow normally through the mirrored port.

Port mirroring limitations
The ERS 2500 series supports port mirroring in the following three modes:
• Ingress mode (XRX or ->Port X)
• Egress mode (XTX or Port X ->)
• Ingress and Egress Mode (XRX or XTX or <->Port X)

There are limitations to the Egress mode. While as a standalone or a stack, port-mirroring mode XTX mirrors egress traffic on the mirrored port but does not mirror control packets generated by the switch. The monitor port does not receive copies of the generated control packets that egress from the mirrored port.

There are also limitations on Ingress and Egress modes. First, in a stack, both the monitor and mirror port should be on the same unit. Second, the same limitation on the XTX portion also applies to this mode.

Port mirroring commands
Please refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for port mirroring command information. You can use the port mirroring commands to assist in diagnostics and information gathering.

Port statistics
Use port statistics commands to display information on received and transmitted packets at the ports. The ingress and egress counts occur at the MAC layer.

System logs
You can use the syslog messaging feature of the ERS 2500 Series products to manage event messages. The ERS 2500 Series syslog software communicates with a server software component named syslogd that resides on your management workstation. The daemon syslogd is a software component that receives and locally logs, displays, prints, or forwards messages that originate from sources that are internal and external to the workstation. For example, syslogd software concurrently handles messages received from applications running on the workstation, as well as messages received from an ERS 2500 Series device running in a network accessible to the workstation.

Auto Unit Replacement (AUR)
You must understand AUR to replace a failed device in the stack if AUR is enabled. The Auto Unit Replacement (AUR) feature allows replacement of a failed unit in a stack with a new unit, while retaining the configuration of the previous unit. The stack power must be on during unit replacement. The new unit must be running the same software and firmware versions as the previous unit but with a different MAC address. If the hardware version of the replaced unit is different from the previous unit, the unit is allowed to join the stack. However, the configuration of the previous unit is not replicated in the new unit. AUR can be enabled or disabled from the NNCLI and JDM. By default, AUR is enabled.

Nortel knowledge and solution engine
The Knowledge and Solution Engine is a database of Nortel technical documents, troubleshooting solutions, software patches and releases, service cases, and technical bulletins. It is searchable by natural-language query.

General diagnostic tools
The ERS 2500 Series device has diagnostic features available with the JDM, NNCLI, and a Web Interface. You can use these diagnostic tools to help you troubleshoot operational and configuration issues. You can configure and display files, view and monitor port statistics, trace a route, run loopback and ping tests, test the switch fabric, and view the address resolution table.

This document focuses on using the CLI to perform the majority of troubleshooting. The command line interface is accessed through either a direct console connection to the switch or by using the Telnet or SSH protocols to connect to the switch remotely. You can use the web Interface in cases where the troubleshooting steps require corroborating information to ensure diagnosis. For purposes of using this document, CLI and NNCLI are interchangeable.

CLI command modes
CLI command modes provide different levels of authority for operation. Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for command mode information.

The CLI has four major command modes, listed in order of increasing privileges:
• User EXEC
• Privileged EXEC
• Global configuration
• Interface configuration

Each mode provides a specific set of commands. The command set of a higher-privilege mode is a superset of a lower-privilege mode. That is, all lower-privilege mode commands are accessible when using a higher-privilege mode.

The command modes are as follows:
• User EXEC mode: The User EXEC mode (also referred to as exec mode) is the default CLI command mode. User EXEC is the initial mode of access when the switch is first turned on and provides a limited subset of CLI commands. This mode is the most restrictive CLI mode and has few commands available.
• Privileged EXEC mode: The Privileged EXEC mode (also referred to as privExec mode) enables the user to perform basic switch-level management tasks, such as downloading software images, setting passwords, and booting the switch. privExec is an unrestricted mode that allows you to view all settings on the switch, and if you are logged in with write access, it also allows you to access all configuration modes and commands that affect operation of the switch (such as downloading images, rebooting, etc.).
• Global configuration mode: The Global Configuration mode (also referred to as config mode) enables the user to set and display general configurations for the switch such as IP address, SNMP parameters, Telnet access, and VLANs.
• Interface configuration mode: The Interface Configuration mode (also referred to as config-if mode) enables the user to configure parameters for each port or VLAN, such as speed, duplex mode, and rate-limiting.

It is possible to move between command modes on a limited basis. This is explained in the Common Procedures section of this document.

Initial troubleshooting
The types of problems that typically occur with networks involve connectivity and performance. It is usually best to follow the Open System Interconnection (OSI) network architecture layers. Confirm that the physical environment, such as the cables and module connections, is operating without any failures before moving up to the network and application layers.

As part of your initial troubleshooting, Nortel recommends that you check the Knowledge and Solution Engine on the Nortel web site for known issues and solutions related to the problem you are experiencing.

Gather information
Before contacting Nortel Technical Support, you must gather information that can help the Technical Support personnel. This includes the following information:
• Default and current configuration of the switch. To do this, you can use the show running-config command.
• System status: Displays technical information about system status and information about the hardware, software, and switch operation output from the show sys-info command. For more detail, use the show tech command.
• Information about past events. To do this, review the log files using the show logging command.
• The software version that is running on the device. To do this, use the show sys-info or show system verbose commands to display the software version.
• A network topology diagram: Get an accurate and detailed topology diagram of your network that shows the nodes and connections. Your planning and engineering function should have this diagram.
• Recent changes: Find out about recent changes or upgrades to your system, your network, or custom applications (for example, has configuration or code been changed?). Get the date and time of the changes, and the names of the persons who made them. Get a list of events that occurred prior to the trouble, such as an upgrade, a LAN change, increased traffic, or installation of new hardware.
• Connectivity information: When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To do this, use these commands:
— show tech
— show running-config
— show port-statistics <port>

Emergency recovery trees The following work flow contains some typical problems. . They are meant to quickly assist you through some common failures for a solution. These situations are not dependant upon each other. 25 Emergency recovery trees Emergency Recovery Trees (ERT) provide a quick reference for troubleshooting without procedural detail. Figure 4 Emergency recovery trees Navigation • • • • • "Corruption of flash" (page 26) "Incorrect PVID" (page 27) "Uplink ports not tagged to VLAN" (page 28) "SNMP" (page 30) "Stack " (page 33) Ethernet Routing Switch 2500 Series Troubleshooting NN47215-700 01.01 Standard 30 April 2008 Copyright © 2008 Nortel Networks ..

Corruption of flash
Corruption of the switch configuration file, which can sometimes occur due to a power outage or environmental reasons, makes the configuration of the box corrupt and non-functional. Initializing the flash is one way to clear a corrupted configuration file and is required before an RMA.

Corruption of flash recovery tree
Figure 5 Corruption of flash

Incorrect PVID
An issue can occur where clients cannot communicate with critical servers when their ports are put in the wrong VLAN. If the server is plugged in VLAN-3 and the PVID of the port is 2, then loss of communication can occur. This can be verified by checking the PVID of the ports.

Incorrect PVID Recovery Tree
Figure 6 Incorrect PVID


Uplink ports not tagged to VLAN
When an ERS 2500 series switch is connected to an ERS 8600 series switch and devices in a VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 2500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 2500 series switch.

Uplink ports not tagged to VLAN recovery tree

Figure 7 Uplink ports not tagged to VLAN
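The two VLAN faults described above (a wrong PVID on an access port, and an uplink that is not tagged for the VLAN) can be reasoned about with a small model of 802.1Q port behaviour. The following Python sketch is an added example, not Nortel code; the port names, VLAN numbers and the simplified forwarding rules are assumptions, and the configuration is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int                                   # VLAN given to untagged ingress frames
    members: set = field(default_factory=set)   # VLANs the port belongs to
    tagged: set = field(default_factory=set)    # member VLANs carried with an 802.1Q tag

def ingress_vlan(port, tag=None):
    """VLAN a received frame is placed in, or None if the port discards it."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in port.members else None

def egress_form(port, vlan):
    """'tagged' or 'untagged' if the port forwards this VLAN, else None."""
    if vlan not in port.members:
        return None
    return "tagged" if vlan in port.tagged else "untagged"

def delivered(src, dst, tag=None):
    """True when a frame entering src can leave through dst on the same switch."""
    vlan = ingress_vlan(src, tag)
    return vlan is not None and egress_form(dst, vlan) is not None

def audit(ports, design):
    """Compare ports with the intended design and report the two faults from the text."""
    findings = []
    for port in ports:
        want = design[port.name]
        if "access_vlan" in want and port.pvid != want["access_vlan"]:
            findings.append(f"{port.name}: PVID {port.pvid}, expected {want['access_vlan']}")
        for vlan in sorted(want.get("uplink_vlans", set()) - port.tagged):
            findings.append(f"{port.name}: uplink not tagged for VLAN {vlan}")
    return findings

def scenario():
    # Constructed configuration: server in VLAN 3, client port left at PVID 2,
    # uplink toward the core switch tagged for VLAN 2 only.
    client = Port("port 5", pvid=2, members={2})
    server = Port("port 10", pvid=3, members={3})
    uplink = Port("port 24", pvid=1, members={1, 2}, tagged={2})
    design = {"port 5": {"access_vlan": 3}, "port 10": {"access_vlan": 3},
              "port 24": {"uplink_vlans": {2, 3}}}
    ports = [client, server, uplink]
    before = (delivered(client, server), delivered(uplink, server, tag=3))
    problems = audit(ports, design)
    client.pvid, client.members = 3, {3}   # correct the PVID of the client port
    uplink.members |= {3}                  # add the uplink to VLAN 3 ...
    uplink.tagged |= {3}                   # ... and carry it tagged
    after = (delivered(client, server), delivered(uplink, server, tag=3))
    return before, problems, after, audit(ports, design)

if __name__ == "__main__":
    before, problems, after, remaining = scenario()
    print("reachable before:", before)
    print("findings:", problems)
    print("reachable after:", after, "remaining findings:", remaining)
```
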

SNMP
SNMP failure may be the result of an incorrect configuration of the management station or its setup. If you can reach a device but no traps are received, verify the trap configurations (the trap destination address and the traps configured to be sent).

SNMP recovery tree
Figure 8 SNMP

Stack
Stack failure can be the result of a communication error between the individual units due to configuration or cabling. Failures can also arise when there are multiple bases configured.

Stack Recovery Tree
Figure 9 Stack

Troubleshooting hardware

Complete hardware troubleshooting specific to the ERS 2500 series.

Work flow: Troubleshooting hardware
The following work flow assists you to determine the solution for some common hardware problems.

Figure 10 Troubleshooting hardware

Navigation
• "Check power"
• "Check cables"
• "Check port"
• "Check fiber port"
• "Replace unit"

Check power
Confirm power is being delivered to the device.

Task flow: Check power
The following task flow assists you to confirm that the ERS 2500 series device is powered correctly.

Figure 11 Check power

Navigation
• "Correcting voltage source"
• "Ensuring power cord is installed"
• "Observing error report on console"
• "Reloading agent code"
• "Returning unit for repair"

Correcting voltage source
Confirm the power cord is connected to the appropriate voltage source.

Ensuring power cord is installed
Confirm the power cord is properly installed for the device.

Observing error report on console
Interpret the message that is sent to console when it fails.

Procedure Steps
Step Action
1 View console information and note any details for the RMA.
2 Note the LED status for information:
  • Status LED blinking amber: Power On Self Test (POST) failure
  • Power LED blinking: corrupt flash
--End--

Reloading agent code
Reload the agent code on the ERS 2500 series device to eliminate corrupted or damaged code that causes a partial boot of the device.

CAUTION
Ensure you have adequate backup of your configuration prior to reloading software. Know the current version of your software before reloading it. Loading incorrect software versions may cause further complications.

Procedure Steps
Step Action
1 Use the show sys-info command to view the software version.
2 Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for software installation.
--End--

Returning unit for repair
Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Check cables
Confirm the stacking cables are correctly connected.

Task flow: Check cables
The following task flow assists you to confirm the stacking cables on the ERS 2500 series device are installed correctly.

Figure 12 Check cables

Navigation
• "Confirming cables are correct type"
• "Reviewing configuration documentation"

Confirming cables are correct type
Ensure the cables have RJ45 connectors. The ERS 2500 series software Release v4.1 supports the use of both straight and crossover Cat5e cabling.

Reviewing configuration documentation
Review the stacking procedures in the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500).

Figure 13 Stack configuration
1. Base unit
2. Cascade cable
3. Cascade cable (used for return)

Check port
Confirm the port and the Ethernet cable connecting the port are in proper configuration.

Task flow: Check port
The following task flow assists you to check the port and Ethernet cables.

Figure 14 Check port

Navigation
• "Viewing port information"
• "Enabling the port"
• "Confirming the cables are working"

Viewing port information
Review the port information to ensure it is enabled.

Procedure Steps
Step Action
1 Use the show interfaces <port> command to display the port information.
2 Note the port status.
--End--

Enabling the port
Enable the port.

Procedure Steps
Step Action
1 Go to interface specific mode using the interface fastethernet <port> command.
2 Use the no shutdown command to change the port configuration.
3 Use the show interfaces <port> command to display the port.
4 Note the port administrative status.
--End--

Confirming the cables are working
Ensure that the cables connecting to the port are functioning correctly.

Procedure Steps
Step Action
1 Go to interface specific mode using the interface fastethernet <port> command.
2 Use the no shutdown command to change the port configuration.
3 Use the show interfaces <port> command to display the port.
4 Note the operational and link status of the port.
--End--

Check fiber port
Confirm the fiber port is working and the cable connecting the port is the proper type.

Task flow: Check fiber port
The following task flow assists you to confirm the fiber port cable is functioning and is of the proper type.

Figure 15 Check fiber port

Navigation
• "Viewing fiber port information"
• "Enabling port"
• "Confirming cables working"
• "Returning unit for repair"

Viewing fiber port information
Review the port information to ensure it is enabled.

Procedure Steps
Step Action
1 Use the show interfaces <port> command to display the port information.
2 Note the port status.
--End--

Enabling port
Ensure the port on the ERS 2500 series device is enabled.

Procedure Steps
Step Action
1 Use the no shutdown command to change the port configuration.
2 Use the show interfaces <port> command to display the port information.
3 Note the port status.
--End--

Confirming cables working
Confirm that the cables are working on the port.

Procedure Steps
Step Action
1 Use the no shutdown command to change the port configuration.
2 Use the show interfaces <port> command to display the port.
3 Note the port operational and link status.
--End--

Returning unit for repair
Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Replace unit
Remove defective unit and insert the replacement.

CAUTION
Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Nortel Ethernet Routing Switch 2500 Series — Regulatory Information (NN47215-100).

The Auto Unit Replacement (AUR) feature allows replacement of a failed unit in a stack with a new unit, while retaining the configuration of the previous unit. The stack power must be on during unit replacement. AUR is not designed for the situation of removing and reinserting the same switch (with the same MAC address).

In order for AUR to function properly, the new unit and the existing units in the stack must all be running the same version of software (Release 4.1 software or later). If AAUR is available (and it is turned on by default in such cases), then the verify software procedures are not required; they are only appropriate if old software is used or AAUR is disabled.

For detailed information regarding AUR, refer to the Auto Unit Replacement section of Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500).

Task flow: Replace unit
The following task flow assists you to replace one of the ERS 2500 series devices.

Figure 16 Replace unit

Navigation
• "Removing failed unit"
• "Verifying software version is correct on new device"
• "Obtaining correct software version"
• "Placing new unit"
• "Connecting stacking cables"
• "Powering on unit"
• "Returning unit for repair"

Removing failed unit
Remove the failed unit from the stack.

Procedure Steps
Step Action
1 Maintain power to the stack. Do not power down stack.
2 Remove the failed device.
--End--

Verifying software version is correct on new device
Verify that the new device to be inserted has the identical software version.

Procedure Steps
Step Action
1 Connect the new device to the console, independent of stack connection.
2 Use the show sys-info command to view the software version.
--End--

Obtaining correct software version
Obtain and install correct software version.

CAUTION
Ensure you have adequate backup of your configuration prior to reloading software. Know the proper version of your software before loading it. Loading incorrect software versions may cause further complications.

Procedure Steps
Action
Refer to the Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for software installation.

Placing new unit
Place the new unit in the stack where the failed unit was connected.

Connecting stacking cables
Reconnect the stacking cables to correctly stack the device.

Procedure Steps
Step Action
1 Review the stacking section in Nortel Ethernet Routing Switch 2500 Series Configuration — System (NN47215-500) for cabling details.
2 Connect the cables in accordance with physical stack requirements.
--End--

Powering on unit
Energize the unit once it is connected and ready to integrate. There is no requirement to reset the entire stack. The single device being replaced is the only device having such action placed on it.

Procedure Steps
Step Action
1 Connect the power to the unit.
2 Allow time for the new unit to join the stack and for the configuration of the failed unit to be replicated on the new unit.
3 Confirm that the new unit has reset itself. This confirms that replication has completed.
--End--

Returning unit for repair
Return unit to Nortel for repair. Contact Nortel for return instructions and RMA information.

Troubleshooting ADAC

Automatic Detection and Automatic Configuration (ADAC) can encounter some detection and configuration errors that can be easily corrected.

ADAC clarifications
ADAC VLAN settings are dynamic and are not saved to nonvolatile memory. When ADAC is enabled, all VLAN settings manually made by the user on ADAC uplink or telephony ports are dynamic and are not saved to non-volatile memory. When the unit is reset, these settings are lost. ADAC redetects the ports and re-applies the default settings for them.

You do not manually create a VLAN to be used as the voice VLAN and then try to set this VLAN as ADAC voice VLAN using the command adac voice-vlan x. ADAC automatically creates the voice VLAN when needed. There is no requirement to create a voice VLAN manually. You only have to reserve or set the VLAN number used by ADAC with the adac voice-vlan x command.

Once the VLAN number is reserved for ADAC voice-vlan with the adac voice-vlan x command, even if ADAC admin status is disabled or ADAC is in UTF mode, the VLAN number cannot be used by the user in regular VLAN creation.

If you enable the LLDP detection mechanism for telephony ports, then LLDP itself has to be enabled on the switch. Otherwise ADAC won’t detect any phone.

Work flow: Troubleshooting ADAC
The following work flow assists you to identify the type of problem you are encountering.

Figure 17 Troubleshooting ADAC

Navigation
• "IP phone is not detected"
• "Auto configuration is not applied"

IP phone is not detected
Correct an IP phone that is not being detected by ADAC.

Work flow: IP phone not detected
The following work flow assists you to resolve some detection issues.

Figure 18 IP phone not detected

Navigation
• "Correct filtering"
• "Reload ADAC MAC in range table"
• "Reduce LLDP devices"

Correct filtering
Configure the VLAN filtering to allow ADAC.

Task flow: Correct filtering
The following task flow assists you to correct the filtering.

Figure 19 Correct filtering

Navigation
• "Confirming port belongs to at least one VLAN"
• "Disabling VLAN filter unregistered frames"

Confirming port belongs to at least one VLAN
View information to ensure the port belongs to a VLAN.

Procedure Steps
Step Action
1 Use the show vlan interface info <port> command to view the details.
2 Note the VLANs listed with the port.
--End--

Disabling VLAN filter unregistered frames
Change the unregistered frames filtering of the VLAN.

Procedure Steps
Step Action
1 Use the vlan ports <port> filter-unregistered-frames enable command to view the details.
2 Ensure no errors after command execution.
--End--

Reload ADAC MAC in range table
Ensure the ADAC MAC is properly loaded in the range table.

Task flow: Reload ADAC MAC in range table
The following task flow assists you to place the ADAC MAC in the range table.

Figure 20 Reload ADAC MAC in range table

Navigation
• "Disconnecting and reconnecting phone"
• "Disabling and enabling the port"

Disconnecting and reconnecting phone
Remove the phone and then reconnect it to force a reload of the MAC in the range table.

Procedure Steps
Step Action
1 Follow local procedure to disconnect the phone.
2 Follow local procedures to reconnect the phone.
--End--

Disabling and enabling the port
Disable the ADAC on the port and then enable it to detect the phone. When you disable and re-enable the port administratively, the MAC addresses already learned on the respective port are aged out.

Procedure Steps
Step Action
1 Use the no adac enable <port> command to disable ADAC.
2 Use the adac enable <port> command to enable ADAC.
--End--

Reduce LLDP devices
Reduce the number of LLDP devices. More than 16 devices may cause detection issues.

Task flow: Reduce LLDP devices
The following task flow assists you to reduce the number of LLDP devices on the system.

Figure 21 Reduce LLDP devices

Navigation
• "Viewing LLDP information"
• "Reducing LLDP enabled devices"

Viewing LLDP information
Display the LLDP devices that are connected to a port.

Procedure Steps
Step Action
1 Use the show lldp port 1 neighbor command to identify the LLDP devices.
2 Note if there are more than 16 LLDP enabled devices on the port.
--End--

Reducing LLDP enabled devices
Disable the ADAC on the port and then enable it to detect the phone.

Procedure Steps
Step Action
1 Use the no adac enable <port> command to disable ADAC.
2 Use the adac enable <port> command to enable ADAC.
--End--

Auto configuration is not applied
Correct some common issues that may interfere with auto configuration of devices.

Task flow: Auto configuration is not applied
The following task flow assists you to solve auto configuration issues.

Figure 22 Auto configuration is not applied

Navigation
• "Correct auto configuration"
• "Check status and number of devices"

Correct auto configuration
Tagged frames mode may be causing the problem. In tagged frames mode, everything is configured correctly but auto configuration is not applied on a telephony port.

Task flow: Correct auto configuration
The following task flow assists you to correct the auto configuration.

Figure 23 Correct auto configuration

Navigation
• "Viewing ADAC global status"
• "Configuring another CS/UP"
• "Replacing Unit"

Viewing ADAC global status
Display the global status of ADAC.

Procedure Steps
Step Action
1 Use the show adac command to display the ADAC information.
2 Note if the oper state is showing as disabled.
--End--

Configuring another CS/UP
Configuring another call server and uplink port can assist the auto configuration.

Procedure Steps
Step Action
1 Use the adac uplink-port <port> command to assign the uplink port.
2 Use the adac call-server-port <port> command to assign the call server port.
--End--

Replacing Unit
Replace unit to replicate configuration if AUR is enabled.

Procedure Steps
Step Action
1 Follow the replacement guidelines in the Nortel Ethernet Routing Switch 2500 Series — System Configuration (NN47215-500).
2 Refer to the unit replacement section in the Troubleshooting Hardware section in this document.
--End--

Check status and number of devices
Auto configuration can stop being applied after a unit is removed from the stack.

Task flow: Check status and number of devices
The following task flow assists you to correct the auto configuration.

Figure 24 Check status and number of devices

Navigation
• "Viewing ADAC port status"
• "Reducing the number of devices"
• "Disabling and enabling the port"

Viewing ADAC port status
Display the status of ADAC on the port.

Procedure Steps
Step Action
1 Use the show adac in <port> command to display the ADAC information for the port.
2 Note if the oper state is disabled and the number of devices connected.
--End--

Reducing the number of devices
Configuring another call server and uplink port can assist the auto configuration.

Procedure Steps
Step Action
1 Follow local procedures and SOP to reduce the number of devices connected.
2 Use the show adac in <port> command to display the ADAC information for the port to ensure there are fewer than 32 devices connected.
--End--

Disabling and enabling the port
Administratively disable and enable the port to initialize configuration.

Procedure Steps
Step Action
1 Use the no adac enable <port> command to disable ADAC.
2 Use the adac enable <port> command to enable ADAC.
--End--

Troubleshooting authentication

Authentication issues can interfere with device operation and function. The following work flow contains some common authentication problems.

Work flow: Troubleshooting authentication
The following work flow contains some typical authentication problems. These situations are not dependent upon each other.

Figure 25 Troubleshooting authentication

Navigation
• "EAP client authentication"
• "EAP multihost repeated re-authentication issue"
• "EAP RADIUS VLAN is not being applied"
• "Configured MAC is not authenticating"
• "NEAP RADIUS MAC not authenticating"
• "NEAP MHSA MAC is not authenticating"
• "EAP-NEAP unexpected port shutdown"

EAP client authentication
This section provides troubleshooting guidelines for the EAP and NEAP features on the ERS 2500 Series devices.

Work flow: EAP client is not authenticating
The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected.

Figure 26 EAP client is not authenticating

Navigation
• "Restore RADIUS connection"
• "Enable EAP on The PC"
• "Apply the method"
• "Enable EAP globally"

Restore RADIUS connection
Ensure that the RADIUS server has connectivity to the device.

Task flow: Restore RADIUS connection
The following task flow assists you to restore the connection to the RADIUS server.

Figure 27 Restore RADIUS connection

Navigation
• "Getting correct RADIUS server settings for the switch"
• "Viewing RADIUS information"
• "Configuring the RADIUS server settings"
• "Pinging the RADIUS server"

Getting correct RADIUS server settings for the switch
This section provides troubleshooting guidelines for obtaining the RADIUS server settings.

Procedure Steps
Step Action
1 Obtain network information for the RADIUS server from the Planning and Engineering documentation.
2 Follow vendor documentation to set the RADIUS authentication method MD5.
--End--

Viewing RADIUS information
Review the RADIUS server settings in the device. The default server port is 1812/UDP. Older servers may use 1645/UDP. Some older servers do not support UDP.

Procedure Steps
Step Action
1 Use the show radius-server command to view the RADIUS server settings.
2 Refer to the vendor documentation for server configuration.
--End--

Configuring the RADIUS server settings
The RADIUS server settings must be correct for the network. Follow vendor documentation to set the RADIUS server settings.

Reconfiguring the shared secret
The shared secret is to be reset in case there was any corruption.

Procedure Steps
Step Action
1 Use the radius-server key command.
2 Refer to the vendor documentation for server configuration.
--End--

Pinging the RADIUS server
Ping the RADIUS server to ensure connection exists.

Procedure Steps
Step Action
1 Use the ping <server IP> command to ensure connection.
2 Observe no packet loss to confirm connection.
--End--

Enable EAP on The PC
The PC has to have an EAP enabled device that is correctly configured.

Task flow: Enable EAP on the PC
The following task flow assists you to ensure the PC network card has EAP enabled.

Figure 28 Enable EAP on the PC

Navigation
• "Enabling EAP on PC network card"

Enabling EAP on PC network card
The PC must have the correct hardware and configuration to support EAP.

Procedure Steps
Step Action
1 Reference vendor documentation for PC and network card.
2 Ensure card is enabled.
3 Ensure card is configured to support EAP.
--End--

Apply the method
The correct EAP method needs to be applied.

Task flow: Apply the method
The following task flow assists you to apply the correct EAP method.

Figure 29 Apply the method

Navigation
• "Configuring the RADIUS server"

Configuring the RADIUS server
The RADIUS server is to be configured to authenticate using MD5.

Procedure Steps
Step Action
1 Obtain network information for the RADIUS server from Planning and Engineering.
2 Save the information for reference.
--End--

Enable EAP globally
EAP is to be globally enabled on the ERS 2500 series device.

Task flow: Enable EAP globally
The following task flow assists you to enable EAP globally on the ERS 2500 series device.

Figure 30 Enable EAP globally

Navigation
• "Enabling EAP globally"
• "Viewing EAPOL settings"
• "Setting EAPOL port administrative status to auto"

Enabling EAP globally
EAP is to be globally enabled on the ERS 2500 series device.

Procedure Steps
Step Action
1 Use the eapol enable command to enable EAP globally on the ERS 2500 series device.
2 Observe no errors after the command execution.
--End--

Viewing EAPOL settings
The EAPOL settings are to be reviewed to ensure EAP is enabled.

Procedure Steps
Step Action
1 Use the show eapol port <port#> command to display the information.
2 Observe the output.
--End--

Setting EAPOL port administrative status to auto
The port is to be included in the port list.

Procedure Steps
Step Action
1 Use the eapol status auto command to change the port status to auto.
2 Observe no errors after command execution.
--End--
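The ping step under "Pinging the RADIUS server" only proves IP reachability; it does not exercise the UDP port (1812 or 1645) or the shared secret covered under "Viewing RADIUS information" and "Reconfiguring the shared secret". The following Python sketch is an added example, not Nortel code: it builds an RFC 2865 Access-Request and verifies the Response Authenticator of the reply, so a shared secret mismatch can be told apart from an unanswered port. The probe user name, password and secret are assumed test values, and the sample replies are constructed.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST = 1
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def attr(attr_type, value):
    """Encode one attribute as type, length, value (RFC 2865 section 5)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password, secret, request_auth):
    """User-Password hiding, RFC 2865 section 5.2: XOR with an MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def check_reply(reply, ident, request_auth, secret):
    """Turn a reply (None means timeout) into a troubleshooting verdict."""
    if reply is None:
        return "no reply"                 # wrong port, filtered path, or unknown client
    if len(reply) < 20:
        return "malformed reply"
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or not 20 <= length <= len(reply):
        return "malformed reply"
    expected = response_authenticator(code, reply_id, reply[20:length], request_auth, secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return "shared secret mismatch"   # a reply arrived but was keyed differently
    return CODES.get(code, "code %d" % code)

def probe(host, secret, user=b"probe", password=b"probe", ports=(1812, 1645), timeout=2.0):
    """Send one Access-Request per candidate port; user/password are assumed test values."""
    results = {}
    for port in ports:
        ident = os.urandom(1)[0]
        packet, request_auth = build_access_request(ident, user, password, secret)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(packet, (host, port))
                reply, _ = sock.recvfrom(4096)
            except OSError:               # includes timeouts and ICMP port unreachable
                reply = None
        results[port] = check_reply(reply, ident, request_auth, secret)
    return results

def constructed_reply(code, ident, request_auth, secret, attrs=b""):
    """Build a server reply for the offline demo (constructed, not a capture)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def demo():
    secret = b"switch-secret"             # constructed value
    _, ra = build_access_request(7, b"probe", b"probe", secret, bytes(range(16)))
    return {
        "matching secret": check_reply(constructed_reply(3, 7, ra, secret), 7, ra, secret),
        "different secret": check_reply(constructed_reply(3, 7, ra, b"other"), 7, ra, secret),
        "timeout": check_reply(None, 7, ra, secret),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict)
```

An Access-Reject with a valid authenticator still confirms the port and the shared secret, because the server keyed its reply with the same secret. A server configured to require the Message-Authenticator attribute discards this request silently, which shows up here as "no reply".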

EAP multihost repeated re-authentication issue
Eliminate the multiple authentication of users.

EAP multihost repeated re-authentication issue
The following work flow assists you to determine the cause and solution of an EAP multihost that has repeated authentication.

Figure 31 EAP multihost repeated re-authentication issue

Navigation
• "Match EAP-MAC-MAX to EAP users"
• "Set EAPOL request packet"

Match EAP-MAC-MAX to EAP users
When the number of authenticated users reaches the allowed maximum, lower the eap-mac-max to the exact number of EAP users that may soon enter, in order to halt soliciting EAP users with multicast requests.

Task flow: Match EAP-MAC-MAX to EAP users
The following task flow assists you to match the EAP-MAC-MAX to the number of EAP users.

Figure 32 Match EAP-MAC-MAX to EAP users

Navigation
• "Identifying number users at allowed max"
• "Lowering EAP max MAC"

Identifying number users at allowed max
Obtain the exact number of eap-users that may soon enter when the number of authenticated users reaches the allowed max.

Procedure Steps
Action
Use the show eapol multihost status command to display the authenticated users.

Lowering EAP max MAC
Lower the mac-max value to match the users.

Procedure Steps
Step Action
1 Use the eapol multihost eap-mac-max command to set the mac-max value.
2 Observe no errors after execution.
--End--

Set EAPOL request packet
Change the request packet generation to unicast.

Task flow: Set EAPOL request packet
The following task flow assists you to set the EAPOL request packet for unicast.

Figure 33 Set EAPOL request packet

Navigation
• "Setting EAPOL request packet globally" (page 78)
• "Setting EAPOL request packet per port" (page 79)

Setting EAPOL request packet globally
Globally change the EAPOL request packet from multicast to unicast.

Procedure Steps
Step Action
1 Use the eapol multihost eap-packet-mode unicast command to set the EAPOL request packet to unicast.
2 Observe no errors after execution.
--End--

Setting EAPOL request packet per port
Change the EAPOL request packet from multicast to unicast for a specific port.
Procedure Steps
Step Action
1 Enter the interface configuration mode.
2 Use the eapol multihost eap-packet-mode unicast command to set the EAPOL request packet to unicast for the interface.
--End--

EAP RADIUS VLAN is not being applied
Ensure that the RADIUS VLAN is applied correctly to support EAP.

Work flow: EAP RADIUS VLAN is not being applied
The following work flow assists you to determine the cause and solution when the RADIUS VLAN is not being applied.

Figure 34 EAP Radius VLAN is not being applied

Navigation
• "Configure VLAN at RADIUS" (page 80)
• "Configure switch" (page 82)

Configure VLAN at RADIUS
Correct any discrepancy at the RADIUS server for the VLAN information.

Task flow: Configure VLAN at RADIUS
The following task flow assists you to ensure the VLAN is configured at the RADIUS server.

Figure 35 Configure VLAN at RADIUS

Navigation
• "Getting correct RADIUS server settings" (page 81)
• "Viewing RADIUS information" (page 82)
• "Configuring RADIUS" (page 82)

Getting correct RADIUS server settings
This section provides troubleshooting guidelines to obtain what the RADIUS server settings are to be.
Procedure Steps
Step Action
1 Obtain network information from Planning and Engineering documentation to locate server information.

2 Obtain network information for RADIUS server.
--End--

Viewing RADIUS information
Obtain the RADIUS information to identify its settings. Use vendor documentation to obtain settings display.

Configuring RADIUS
Configure the RADIUS server with the correct VLAN information. Use vendor documentation to make the required changes.
There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUS assigned VLANs. They are the same for all RADIUS vendors.
• Tunnel-Medium-Type – 802
• Tunnel-Pvt-Group-ID – <VLAN ID>
• Tunnel-Type – Virtual LANs (VLAN)

Configure switch
The VLAN has to be configured correctly on the ERS 2500 series device.

Task flow: Configure switch
The following task flow assists you to configure the VLAN on the device.

Figure 36 Configure switch task

Navigation
• "Showing EAPOL multihost" (page 84)
• "Enabling use of RADIUS assigned VLANs" (page 85)
• "Showing EAPOL multihost interface" (page 85)
• "Showing VLAN config control" (page 85)
• "Changing VLAN config from strict to flexible" (page 86)
• "Showing spanning tree" (page 86)
• "Adding RADIUS assigned VLAN to desired STG" (page 86)

Showing EAPOL multihost
Identify the EAPOL multihost information.

Procedure Steps
Step Action
1 Use the show eapol multihost command to display the multihost information.
2 Note the state of Allow Use of RADIUS Assigned VLANs.
--End--

Enabling use of RADIUS assigned VLANs
Change the allow RADIUS assigned VLAN to enable.
Procedure Steps
Step Action
1 Use the eapol multihost use-radius-assigned-vlan command to allow the use of VLAN IDs assigned by RADIUS.
2 Observe no errors after execution.
--End--

Showing EAPOL multihost interface
Display the EAPOL Interface.
Procedure Steps
Step Action
1 Use the show eapol multihost interface <port#> command to display the interface information.
2 Note the status of ALLOW RADIUS VLANs.
--End--

Showing VLAN config control
Display the VLAN config control information.
Procedure Steps
Step Action
1 Use the show vlan config control command to display the information.

2 Identify if config control is set to strict.
--End--

Changing VLAN config from strict to flexible
Set the VLAN config control to flexible to avoid complications with strict.
Procedure Steps
Step Action
1 Use the vlan config control flexible command to set the VLAN config control to flexible.
2 Observe no errors after execution.
--End--

Showing spanning tree
Display the VLANs added to the desired STG.
Procedure Steps
Step Action
1 Use the show spanning-tree stp <1-8> vlans command to display the information.
2 Identify if RADIUS assigned VLAN and original VLAN are in the same STG.
--End--

Adding RADIUS assigned VLAN to desired STG
Configure the VLAN that was assigned by RADIUS to the correct Spanning Tree Group. If the RADIUS assigned VLAN and the original VLAN are in the same STG, the EAP enabled port is moved to the RADIUS assigned VLAN after EAP authentication succeeds.
Procedure Steps
Step Action
1 Use the spanning-tree stp <1-8> vlans command to make the change.

2 Review output to identify that the change was made.
--End--

Configured MAC is not authenticating
Correct a MAC to allow authentication.

Work flow: Configured MAC is not authenticating
The following work flow assists you to determine the cause and solution of a configured MAC that does not authenticate as expected.

Figure 37 Configured MAC is not authenticating

Navigation
• "Configure the switch" (page 87)

Configure the switch
Configure the switch with the correct settings so that the MAC authenticates.

Task flow: Configure the switch
The following task flow assists you to ensure the MAC is authenticating on the ERS 2500 series device.

Figure 38 Configure the switch

Navigation
• "Showing EAPOL port" (page 89)
• "Setting global EAP enabled and port at eap-auto" (page 90)
• "Showing EAPOL multihost" (page 90)
• "Enabling allow Non-EAPOL clients" (page 90)
• "Showing EAPOL multihost interface" (page 91)
• "Enabling multihost status and allow non-EAPOL clients" (page 91)
• "Showing EAPOL multihost non-eap-mac interface" (page 91)
• "Ensuring MAC in the list" (page 92)

Showing EAPOL port
Display the EAPOL port information.

Procedure Steps
Step Action
1 Use the command show eapol port <port> to display the port information.
2 Note that EAP is to be enabled globally, and the port EAP status is to be set to auto.
--End--

Setting global EAP enabled and port at eap-auto
Make the corrections to ensure the settings are as required.
Procedure Steps
Step Action
1 Use the eapol enable command to enable EAP globally.
2 Use the eapol status auto command to change port status to auto.
--End--

Showing EAPOL multihost
Display the EAPOL multihost information.
Procedure Steps
Step Action
1 Enter the show eapol multihost command to display the information.
2 Note that Allow Non-EAPOL clients is enabled.
--End--

Enabling allow Non-EAPOL clients
Correct the Non-EAPOL client attribute.
Procedure Steps
Step Action
1 Use the eapol multihost allow-non-eap-enable command to enable.

2 Observe no errors after execution.
--End--

Showing EAPOL multihost interface
Display the EAPOL multihost interface information.
Procedure Steps
Step Action
1 Enter the show eapol multihost interface <port#> command to display the information.
2 Note that Multihost status is enabled.
3 Note that Allow Non-EAPOL clients is enabled.
--End--

Enabling multihost status and allow non-EAPOL clients
Correct the Non-EAP client attribute.
Procedure Steps
Step Action
1 Use the eapol multihost allow-non-eap-enable command to enable.
2 Use the eapol multihost enable command to enable multihost status.
--End--

Showing EAPOL multihost non-eap-mac interface
Display the EAPOL multihost interface information.
Procedure Steps
Step Action
1 Enter the show eapol multihost non-eap-mac interface <port> command to display the information.
2 Note the MAC is in the list.
--End--

Ensuring MAC in the list
Add the MAC to the list in case it was omitted.
Procedure Steps
Step Action
1 Use the show eapol multihost non-eap-mac status <port> command to view MAC addresses.
2 Use the eapol multihost non-eap-mac <H.H.H> <port> command to add a MAC address to the list.
--End--

NEAP RADIUS MAC not authenticating
Correct a NEAP RADIUS MAC that is not authenticating.

Work flow: NEAP RADIUS MAC not authenticating
The following work flow assists you to determine the cause of and solution for a RADIUS MAC that does not authenticate.

Figure 39 NEAP RADIUS MAC not authenticating

Navigation
• "Configure switch" (page 93)
• "RADIUS server configuration error" (page 96)

Configure switch
Correct the switch configuration to resolve the issue with the RADIUS MAC.

Task flow: Configure switch
The following task flow assists you to configure the ERS 2500 series device to correct the RADIUS MAC issue.

Figure 40 Configure switch

Navigation
• "Displaying EAPOL port" (page 94)
• "Setting global eap enabled and port at eap-auto" (page 95)
• "Displaying EAPOL multihost" (page 95)
• "Enabling RADIUS to authenticate non-EAPOL clients" (page 95)
• "Formatting non-EAPOL RADIUS password attribute" (page 96)
• "Displaying EAPOL multihost interface" (page 96)
• "Enabling RADIUS To Auth Non-EAP MACs" (page 96)

Displaying EAPOL port
Display the EAPOL port information for review.

Procedure Steps
Step Action
1 Enter the show eapol port <port#> command to display the information.
2 Note the global eap is enabled and port is eap-auto.
--End--

Setting global eap enabled and port at eap-auto
Make the required changes to ensure the settings are correct.
Procedure Steps
Step Action
1 Use the eapol enable command to enable EAP globally.
2 Use the eapol status auto command to change port status to auto.
--End--

Displaying EAPOL multihost
Display the EAPOL Multihost information for review.
Procedure Steps
Step Action
1 Enter the show eapol port multihost command to display the information.
2 Note the following:
• Use RADIUS To Authenticate NonEAPOL Clients is enabled
• Non-EAPOL RADIUS Password Attribute Format: IpAddr.MACAddr.PortNumber
--End--

Enabling RADIUS to authenticate non-EAPOL clients
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

Formatting non-EAPOL RADIUS password attribute
Make the required changes on the RADIUS server to the password format. RADIUS server is to have the format changed to IpAddr.MACAddr.PortNumber.

Displaying EAPOL multihost interface
Display the EAPOL Multihost information for review.
Procedure Steps
Step Action
1 Enter the show eapol multihost interface <port#> command to display the information.
2 Verify the following:
• Use RADIUS To Authenticate Non EAP MACs is enabled
--End--

Enabling RADIUS To Auth Non-EAP MACs
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

RADIUS server configuration error
The RADIUS server requires that the correct MAC address and password for the ERS 2500 series device be configured.

Task flow: RADIUS server configuration error
The following task flow assists you to configure the RADIUS server with the correct MAC and password.

Figure 41 RADIUS server configuration error

Navigation
• "Configuring MAC and password on RADIUS server" (page 97)

Configuring MAC and password on RADIUS server
The RADIUS server requires that the MAC and password for the ERS 2500 series device be correct. If they are not correct, the ERS 2500 series device may not authenticate. Reference the vendor documentation for the RADIUS server.

NEAP MHSA MAC is not authenticating
Ensure that the switch is configured correctly.

Work flow: NEAP MHSA MAC is not authenticating
The following work flow assists you to determine the solution for an MHSA MAC not authenticating.

Figure 42 NEAP MHSA MAC is not authenticating

Navigation
• "Configure switch" (page 98)

Configure switch
Configure the switch to enable MHSA.

Task flow: Configure switch
The following task flow assists you to enable MHSA on the ERS 2500 series device.

Figure 43 Configure switch

Navigation
• "Showing EAPOL port" (page 100)
• "Setting global EAP enabled and port at eap-auto" (page 101)
• "Showing EAPOL multihost" (page 101)
• "Formatting non-EAPOL RADIUS password attribute" (page 101)
• "Showing EAPOL multihost interface" (page 102)
• "Enabling RADIUS to auth non-EAP MACs" (page 102)

Showing EAPOL port
Display the EAPOL port information for review.

Procedure Steps
Step Action
1 Enter the show eapol port <port#> command to display the information.
2 Note the global eap is enabled and port is eap-auto.
--End--

Setting global EAP enabled and port at eap-auto
Make the required changes to ensure the settings are correct.
Procedure Steps
Step Action
1 Use the eapol enable command to enable EAP globally.
2 Use the eapol status auto command to change port status to auto.
--End--

Showing EAPOL multihost
Display the EAPOL Multihost information for review.
Procedure Steps
Step Action
1 Enter the show eapol port multihost command to display the information.
2 Note the following:
• Use RADIUS To Authenticate NonEAPOL Clients is enabled
--End--

Formatting non-EAPOL RADIUS password attribute
Make the required changes on the RADIUS server to the password format. Use vendor documentation to make required changes on RADIUS server to change the format to IpAddr.MACAddr.PortNumber.

Enabling RADIUS to Authenticate NON-EAPOL Clients
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

Showing EAPOL multihost interface
Display the EAPOL Multihost information for review.
Procedure Steps
Step Action
1 Enter the show eapol multihost interface <port#> command to display the information.
2 Note the following:
• Allow Auto Non-EAP MHSA: Enabled
--End--

Enabling RADIUS to auth non-EAP MACs
Make the required changes on the RADIUS server to authenticate Non-EAP clients. Apply changes to RADIUS server using vendor documentation.

EAP-NEAP unexpected port shutdown
Identify the reason for the port shutdown and make configuration changes to avoid future problems.

Work flow: EAP-NEAP unexpected port shutdown
The following work flow assists you to determine the solution for EAP-NEAP ports experiencing a shutdown.

Figure 44 EAP-NEAP unexpected port shutdown

Navigation
• "Configure switch" (page 103)

Configure switch
Configure ports to allow more unauthorized clients.

Task flow: Configure switch
The following task flow assists you to allow an increased number of unauthorized clients on the ports.


Figure 45 Configure switch

Navigation
• "Showing Logs" (page 104)
• "Showing EAP-NEAP clients on port" (page 105)
• "Showing EAPOL port information" (page 105)
• "Making changes" (page 105)

Showing Logs
Display the log information to obtain any additional detail.


Procedure Steps
Step Action
1 Use the show logging command to display the log.
2 Observe the log output and note any anomalies.
--End--

Showing EAP-NEAP clients on port
Display EAP-NEAP client information on the port to provide additional information.
Procedure Steps
Step Action
1 Use the show mac-address-table command to show the clients on the port.
2 Observe the log output and note any anomalies.
--End--

Showing EAPOL port information
Display the EAPOL port information to obtain any additional detail.
Procedure Steps
Step Action
1 Use the show mac-address-table command to show the clients on the port.
2 Observe the log output and note any anomalies.
--End--

Making changes
This section provides troubleshooting guidelines for changing the EAP settings. It may clean up old MACs.


Procedure Steps
Step Action
1 Use the eap-force-unauthorised command to set the administrative state of the port to forced unauthorized.
2 Use the shut/no shut commands in the Interface Exec Mode.
3 Use the eapol status auto command to change to eap-auto to start.
--End--

Ethernet Routing Switch 2500 Series
Troubleshooting

Copyright © 2008 Nortel Networks All Rights Reserved.
Printed in Canada
Sourced in Canada, the United States of America, and India.

Release: 4.1
Publication: NN47215-700
Document status: Standard
Document revision: 01.01
Document release date: 06 May 2008

To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.

www.nortel.com

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. This document is protected by copyright laws and international treaties. All information, copyrights and any other intellectual property rights contained in this document are the property of Nortel Networks. Except as expressly authorized in writing by Nortel Networks, the holder is granted no rights to use the information contained herein and this document shall not be published, copied, produced or reproduced, modified, translated, compiled, distributed, displayed or transmitted, in whole or part, in any form or media.

*Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners.