NAC Troubleshooting Tips - Debug Methodology For OS Detection and OS Fingerprinting

Objective
Determine why NAC End System OS Information is missing or inaccurate, per the Device Type and Device Family columns in NAC Manager's events.
Environment
  • All NAC Platforms
  • OS fingerprint detection
Procedure
1) In NAC Manager, right-click the appliance and select "WebView".
 
2) Click on "Diagnostics", then "Appliance/Server Diagnostics"
 
3) Set these four debugs to Diagnostic Level "Verbose":
  • DHCP
  • OS Detect
  • OS Detect Failures
  • OS Name Resolution

4) Scroll down in the web page and click "OK".

5) SSH into the NAC appliance and type:
tcpdump -i eth0 -s 0 -w dhcp.pcap udp port 67

6) Connect the test End System to the switch or wireless AP, then perform a DHCP release / renew of the End System's IP address.
 
7) Leave the debug running for as long as needed, until the test End System whose IP address you released and renewed shows up in NAC Manager with missing or inaccurate OS information. Re-create the issue being seen.

8) Stop the tcpdump using "ctrl-c". For more information on tcpdump, please review the following link:

 NAC Troubleshooting Tips - common tcpdump commands used for isolating issue

9) In NAC Manager, locate the test End System and export the End System "Events" for this device to HTML format, per the instructions below:

To export the End System Events, highlight the End System under the End Systems tab. Then, in the middle pane of the NAC Manager screen, under the "End System Events" tab, highlight any event, right-click it, and select Table Tools, Export. ***Please export to HTML format***

10) Open a case with GTAC and send in the /var/log/tag.log from the NAC appliance, the exported End System Events / HTML file from step 9, and the pcap from the tcpdump in step 5.

11)  Provide GTAC with the MAC Address of the test End System.
 
12) Using WebView, log in to the NAC appliance and reverse the steps for the enabled debugs, placing them back to the default, "Log4j File Override".

13) Send in the NAC database, as exported from NAC Manager:

In NAC Manager go to File, Database, Backup NAC Configuration. The backup file will be on the "NetSight" server in the path listed there when you perform the backup. Zip that file and send it to GTAC as well.
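
Before the capture from step 5 is sent in, it is worth confirming that dhcp.pcap really contains DHCP traffic from the test End System's MAC address (step 11). The following is an added example, not part of the original article or of the vendor's tooling: a standard-library parser for classic pcap files that lists each DHCP message from one client with its message type, parameter request list (option 55) and vendor class (option 60). That these are the fields the appliance fingerprints on is an assumption, and the function names and the sample packet are constructed for illustration.

```python
import struct

def build_sample_pcap(mac: bytes) -> bytes:
    """Constructed sample: one DHCP Discover in a little-endian classic pcap."""
    opts = bytes([53, 1, 1, 55, 4, 1, 3, 6, 15, 60, 8]) + b"MSFT 5.0" + b"\xff"
    bootp = (bytes([1, 1, 6, 0]) + bytes(24) + mac + bytes(10) + bytes(192)
             + b"\x63\x82\x53\x63" + opts)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def dhcp_messages(pcap: bytes, mac: str) -> list:
    """Return the DHCP options sent by the client whose chaddr matches mac."""
    want = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    order = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the file
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    found, pos = [], 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        # Untagged IPv4/UDP only; anything else is skipped, not guessed at.
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        bootp = frame[14 + (frame[14] & 0x0F) * 4 + 8:]   # past IP and UDP
        if bootp[236:240] != b"\x63\x82\x53\x63" or bootp[28:34] != want:
            continue
        opts, i = {}, 240
        while i + 1 < len(bootp) and bootp[i] != 255:     # 255 = end option
            step = 1 if bootp[i] == 0 else 2 + bootp[i + 1]   # pad has no length
            if bootp[i]:
                opts[bootp[i]] = bootp[i + 2:i + step]
            i += step
        found.append({
            "type": opts.get(53, b"\x00")[0],             # 1=Discover, 3=Request
            "param_request_list": list(opts.get(55, b"")),
            "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        })
    return found

if __name__ == "__main__":
    print(dhcp_messages(build_sample_pcap(bytes.fromhex("001122334455")),
                        "00:11:22:33:44:55"))
```

An empty result for the test End System's MAC means the capture missed its release / renew and step 6 should be repeated while the tcpdump is still running.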
 


 