Client can not pass LAN Enforcer's authentication from specific switch.
In LAN Enforcer's debug kernel log, there is "Invalid signature from switch xxx.xxx.xxx.xxx" error message from that specific switch's IP address "xxx.xxx.xxx.xxx" .
This error message is caused by LAN Enforcer and switch have different Shared Secret key. So LAN Enforcer validates the package as failure from that switch.
Verify the Shared Secret on LAN Enforcer: 1. Login the LAN Enforcer by ssh 2. Enter following commands to check the current SharedSecret key which LAN Enforcer used: Enforcer# Debug Enforcer# show file ServerProfile.1.xml 3. Search the following content according to switch's IP address: <SwitchProfile Enable="1" ForwardOtherProtocol="1" FriendlyName="Switch" Model="CISCO" RadiusId="1F7B107073110E3201192F0D570D538F" ReauthTimeout="60" SharedSecret="symantec"> <Switch FriendlyName="xxx.xxx.xxx.xxx" IpAddress="xxx.xxx.xxx.xxx"/> 4. The SharedSecret key is in plain text. 5. Make sure the SharedSecret key is same as the key set on switch.
Imported Document ID: TECH172512
Subscribing will provide email updates when this Article is updated. Login is required.