We need to set up and collect several diagnostics. We also need to catch one of these events in "real time" with all the diagnostics and traces running. The full process is explicitly below:
1) From Extreme Managment Center - Select Control ->Access Control->Select Control appliance.
Right Click on Appliance and Select Webview
Proceed to diagnostic page on NAC - This may require a certificate exception
WebView > Diagnostics > Appliance/Server Diagnostics
2) Set the Diagnostic Levels for the (2) debugs listed below to "Verbose":
"Authentication Request Processing - EAC"
"Authentication Request Processing - RADIUS"
3) Scroll down to the lower left of the web page and click the "OK" button.
4) SSH into the NAC appliance and start a "ring buffer" trace:
tcpdump -i eth0 -n -s 0 -C 100 -W 10 not port 22 -w rotate.pcap &
5) After you see the issue occur again, kill the tcpdump pid, per the article How to Set Up a Background Ring-Buffer Trace on a Linux Appliance
6) Set the debug Diagnostic Levels on the NAC appliance back to the default "Log4j File Override" using WebView.
7) Offload the "/var/log/tag.log
", the "/var/log/radius/radius.log
" and all trace files (*.pcap) from the Control Appliance.
8) Export and send in any of the "NAC Appliance Events" logs. These are available on the XMC/Netsight Server
9) Please send in the above (2) files, along with the other debug logs and files noted in Step (7).