NOTE:
Because of an inconsistency between the Windows XP 802.1x supplicant timeout value and
the switch default timeout value, which is 5, when adding a backup RADIUS server, set the switch
radius-server timeout value to 4. Otherwise, the switch may not failover properly to the backup
RADIUS server.
RADIUS server fails to respond to a request for service, even though the server's IP
address is correctly configured in the switch
Use
show radius
to verify that the encryption key the switch is using is correct for the server being contacted. If
the switch has only a global key configured, it either must match the server key or you must configure a server-
specific key. If the switch already has a server-specific key assigned to the server's IP address, it overrides the
global key and must match the server key.
Global and unique encryption keys
Switch(config)# show radius
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 5
Retransmit Attempts : 3
Global Encryption Key : My-Global-Key
1
Dynamic Authorization UDP Port : 3799
Auth Acct DM/ Time
Server IP Addr Port Port CoA Window Encryption Key
--------------- ---- ---- --- ------ ---------------
10.33.18.119 1812 1813 119-only-key
2
•
1
Global RADIUS Encryption Key
•
2
Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119
MSTP and fast-uplink problems
CAUTION:
If you enable MSTP, Hewlett Packard Enterprise recommends that you leave the remainder of the
MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP
performance in your network. Because incorrect MSTP settings can adversely affect network
performance, you should avoid making changes without having a strong understanding of how MSTP
operates. To learn the details of MSTP operation, see the IEEE802.1s standard.
Broadcast storms appearing in the network
This can occur when there are physical loops (redundant links) in the topology. Where this exists, you should
enable MSTP on all bridging devices in the topology to detect the loop.
STP blocks a link in a VLAN even though there are no redundant links in that VLAN
In 802.1Q-compliant switches, MSTP blocks redundant physical links even if they are in separate VLANs. A
solution is to use only one, multiple-VLAN (tagged) link between the devices. Also, if ports are available, you can
improve the bandwidth in this situation by using a port trunk. See "Spanning Tree Operation with VLANs" in
"Static Virtual LANs (VLANs)" in the advanced traffic management guide for your switch.
468
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08