Reset Search
 

 

Article

NAC Troubleshooting Tips - Debug methodology for Captive Portal Issues

« Go Back

Information

 
TitleNAC Troubleshooting Tips - Debug methodology for Captive Portal Issues
Objective
To be able to debug Captive Portal Issues
Environment
Netsight NAC Manager
Procedure

Prior to debugging, first take a tcpdump from the NAC appliance to make sure it is actually seeing the web trafffic, if it is not, you have a port redirect issue, addressed elsewhere. You can also use what we call 'direct dial' from the client or NAC Manager and go directly to the NAC IP to see if you get a Portal Web Page. For more on tcpdump's see NAC Troubleshooting Tips - common tcpdump commands used for isolating issue

To use Debugging in NAC to troubleshoot Captive Portal issues.

1. Right click the NAC appliance in NAC manager and select "Webview" > "Diagnostics" > "Appliance/Server Diagnostics" 

2. Enable "Verbose" diagnostics for these debugs:

Authentication Request Processing - NAC 
Reauthentication 
Captive portal - Authentication
Captive Portal - Process and Configuration
Captive portal - Display
Captive portal - Registration and Remediation
IP Resolution
LDAP

3.  At the bottom  of the diagnostic web page click "OK". 

4.  SSH into the NAC appliance and start a tcpdump that filters on the IP address of the End System, as follows:

tcpdump -i eth0 -s 0 -w portal.pcap host x.x.x.x     (where x.x.x.x is the IP address of the test End System...and where eth0 is the applicable appliance interface)

5. Reproduce the issue you are reporting.

6.  Once completed testing please make sure to disable diagnostics by going back into Webview and hitting the "Reset defaults" button on the bottom. Note the time the issue happened to be able to reflect in logs.  Stop the tcpdump using ctrl-c.

7. Gather in the /var/log/tag.log, var/log/syslog, the /var/log/messages, the /var/log/radius/radius.log, and the .pcap (from step 4) from the NAC appliance

8.  In NAC Manager go to File, Database, Backup NAC Configuration. The backup file will be on the NetSight server in the path listed there. 

9.  From OneView go to Administration, Diagnostics, Support, Generate Show Support, Start (at the top). When finished this file will also be on the NetSight server in the given path. See the below link for more elaborate instructions:

     How to generate a show support from Oneview

10.  Use WinSCP or other SCP/SFTP client to upload files locally from the NAC and Netsight Servers.

11.   In NAC Manager, locate the test End System and export the End System “Events “ for this device to HTML format., per below: 

 To export the End System Events, highlight the End System under the End Systems tab then in the middle “pane” (middle of the NAC Manager screen) under the “End System Events” tab highlight any event      and right click on the event then select Table Tools, Export. ***Please export to HTML format*** 
 

Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255