Reset Search
 

 

Article

NAC Troubleshooting Tips - How to Isolate "Loss of Contact to RADIUS Server" Errors Logged in NAC Manager

« Go Back

Information

 
TitleNAC Troubleshooting Tips - How to Isolate "Loss of Contact to RADIUS Server" Errors Logged in NAC Manager
Objective
Isolate "Loss of Contact to RADIUS Server" Errors logged in NAC Manager.  
Environment
  • All Extreme Management Center platforms
  • All NAC Manager platforms
Procedure
We need to set up and collect several diagnostics. We also need to catch one of these events in "real time" with all the diagnostics and traces running. The full process is explicitly below:

1) In NAC Mgr right click on the NAC appliance and select WebView > Diagnostics > Appliance/Server Diagnostics

2) Set the Diagnostic Levels for the (2) debugs listed below to "Verbose":
"Authentication Request Processing - NAC"
"Authentication Request Processing - RADIUS"

3) Scroll down to the lower left of the web page and click the "OK" button.

4) SSH into the NAC appliance and start a "ring buffer" trace:
tcpdump -i eth0 -n -s 0 -C 100 -W 10 not port 22 -w rotate.pcap &

5) After you see the issue occur again, kill the tcpdump pid, per the article How to Set Up a Background Ring-Buffer Trace on a Linux Appliance

6) Set the debug Diagnostic Levels on the NAC appliance back to the default "Log4j File Override" using WebView.

7) Offload the "/var/log/tag.log", the "/var/log/radius/radius.log" and all trace files (*.pcap) from the NAC Appliance.

8) Export and send in any of the "NAC Appliance Events" logs that show NAC was unable to communicate with the RADIUS server(s). (To export the events: Highlight any event in the table, right click on the event, and then select "Table Tools" -> "Export".) Please export these twice, once in CSV format and once in HTML format

9) Please send in the above (2) files, along with the other debug logs and files noted in Step (7).
Additional notes
In addition to the steps outlined above, which are all from the NAC perspective, a ring-buffer trace can also be set up on the back-end RADIUS Server and capture concurrently. To ensure that the traces on the NAC and those captured on the back-end RADIUS Server are synchronized, the NAC and the back-end RADIUS both must be set up with NTP and pointing at the same NTP Server.

An updated version of this article is available for the XMC Web GUI -> NAC Troubleshooting Tips (Control) - How to Isolate "Loss of Contact to RADIUS Server" Errors Logged in Extreme Management Center

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255