Reset Search
 

 

Article

NAC Troubleshooting Tips (Control) - How to Isolate "Loss of Contact to RADIUS Server" Errors Logged in Extreme Management Center

« Go Back

Information

 
TitleNAC Troubleshooting Tips (Control) - How to Isolate "Loss of Contact to RADIUS Server" Errors Logged in Extreme Management Center
Objective
Isolate "Loss of Contact to RADIUS Server" Errors logged
Environment
  • XMC
  • Extreme Management Center
  • Control
  • EAC
Procedure

We need to set up and collect several diagnostics. We also need to catch one of these events in "real time" with all the diagnostics and traces running. The full process is explicitly below:

1) From Extreme Managment Center - Select Control ->Access Control->Select Control appliance.
     Right Click on Appliance and Select Webview
     Proceed to diagnostic page on NAC - This may require a certificate exception
      WebView > Diagnostics > Appliance/Server Diagnostics

2) Set the Diagnostic Levels for the (2) debugs listed below to "Verbose":
"Authentication Request Processing - EAC"
"Authentication Request Processing - RADIUS"

3) Scroll down to the lower left of the web page and click the "OK" button.

4) SSH into the NAC appliance and start a "ring buffer" trace:
 

tcpdump -i eth0 -n -s 0 -C 100 -W 10 not port 22 -w rotate.pcap &
5) After you see the issue occur again, kill the tcpdump pid, per the article How to Set Up a Background Ring-Buffer Trace on a Linux Appliance

6) Set the debug Diagnostic Levels on the NAC appliance back to the default "Log4j File Override" using WebView.

7) Offload the "/var/log/tag.log", the "/var/log/radius/radius.log" and all trace files (*.pcap) from the Control Appliance.

8) Export and send in any of the "NAC Appliance Events" logs. These are available on the XMC/Netsight Server under /usr/local/Extreme_Networks/Netsight/appdata/logs/nacApplianceEvents.log

9) Please send in the above (2) files, along with the other debug logs and files noted in Step (7).
Additional notes
In addition to the steps outlined above, which are all from the Control appliance perspective perspective, a ring-buffer trace can also be set up on the back-end RADIUS Server and capture concurrently. To ensure that the traces on the Control and those captured on the back-end RADIUS Server are synchronized, the  Control appliance and the back-end RADIUS both must be set up with NTP and pointing at the same NTP Server.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255