We need to set up and collect several diagnostics. We also need to catch one of these events in "real time" with all the diagnostics and traces running. The full process is listed below:
1) In NAC Mgr right click on the NAC appliance and select WebView > Diagnostics > Appliance/Server Diagnostics
2) Set the Diagnostic Levels for the (2) debugs listed below to "Verbose":
"Authentication Request Processing - NAC"
"Authentication Request Processing - RADIUS"
3) Scroll down to the lower left of the web page and click the "OK" button.
4) SSH into the NAC appliance and start a "ring buffer" trace:
tcpdump -i eth0 -n -s 0 -C 100 -W 10 not port 22 -w rotate.pcap &
5) After you see the issue occur again, kill the tcpdump pid, per the article "How to Set Up a Background Ring-Buffer Trace on a Linux Appliance".
6) Set the debug Diagnostic Levels on the NAC appliance back to the default "Log4j File Override" using WebView.
7) Offload the "/var/log/tag.log", the "/var/log/radius/radius.log" and all trace files (*.pcap) from the NAC Appliance.
8) Export and send in any of the "NAC Appliance Events" logs that show NAC was unable to communicate with the RADIUS server(s). (To export the events: Highlight any event in the table, right click on the event, and then select "Table Tools" -> "Export".) Please export these twice, once in CSV format and once in HTML format.
9) Please send in the above (2) files, along with the other debug logs and files noted in Step (7).
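
The following shell functions are an added example, not part of the original article or any vendor tooling. They wrap steps 4, 5 and 7: start the ring-buffer trace with its PID recorded, stop only that process, and bundle the two logs and the trace files with a SHA-256 manifest. The function names, the PID file path and the bundle layout are assumptions.

```sh
#!/bin/sh
# Added example, not vendor code. PIDFILE and the bundle layout are assumptions.
PIDFILE="${PIDFILE:-/tmp/nac-trace.pid}"

start_trace() {            # step 4, with the PID recorded for step 5
    tcpdump -i eth0 -n -s 0 -C 100 -W 10 not port 22 -w rotate.pcap &
    echo $! > "$PIDFILE"
}

stop_trace() {             # step 5: stop only the capture we started
    [ -f "$PIDFILE" ] || { echo "no pid file: $PIDFILE" >&2; return 1; }
    pid=$(cat "$PIDFILE")
    # Guard against PID reuse: signal only if the PID is still tcpdump.
    if [ "$(ps -o comm= -p "$pid" 2>/dev/null)" = "tcpdump" ]; then
        kill "$pid"        # SIGTERM: tcpdump closes the open file and exits
    fi
    rm -f "$PIDFILE"
}

# step 7: bundle_diagnostics TRACE_DIR LOG_ROOT OUT.tar.gz
# LOG_ROOT is "" on the appliance; a non-empty value is for dry runs.
# Returns non-zero if any expected file was missing from the bundle.
bundle_diagnostics() {
    trace_dir=$1 root=$2 out=$3 missing=0 traces=0
    stage=$(mktemp -d) || return 1
    for f in "$root/var/log/tag.log" "$root/var/log/radius/radius.log"; do
        if [ -f "$f" ]; then cp -p "$f" "$stage/"
        else echo "missing: $f" >&2; missing=1; fi
    done
    # With -C/-W tcpdump appends a number to the -w name (rotate.pcap0 ...),
    # so match rotate.pcap* rather than *.pcap.
    for f in "$trace_dir"/rotate.pcap*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$stage/"; traces=1
    done
    [ "$traces" -eq 1 ] || { echo "no trace files in $trace_dir" >&2; missing=1; }
    if [ -n "$(ls -A "$stage")" ]; then
        # Hash manifest so the recipient can verify the files arrived intact.
        (cd "$stage" && sha256sum -- *) > "$stage.sha256" &&
            mv "$stage.sha256" "$stage/SHA256SUMS" &&
            tar -czf "$out" -C "$stage" . || missing=1
    else
        missing=1
    fi
    rm -rf "$stage"
    return "$missing"
}
```

On the appliance, run `bundle_diagnostics . "" nac-diag.tar.gz` from the directory where the trace was started; the recipient can check the files with `sha256sum -c SHA256SUMS` after extracting.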