Reset Search
 

 

Article

Troubleshooting a NAC/Control Captive Portal not responding to web traffic

« Go Back

Information

 
TitleTroubleshooting a NAC/Control Captive Portal not responding to web traffic
Objective
  • This document discusses how to troubleshoot NAC  or Control appliance not responding to Web Portal traffic being directed to it.
  • Assumes that one can 'direct dail' or type in the IP of the NAC to browser and can connect, but redirected traffic to it does not work.
  • Assumes that the redirection method is "PBR", where the NAC receives internet bound traffic with a destination IP address that it does not own.
Environment
  • NAC Appliance
  • Netsight
  • Extreme Management Center
  • Control Appliance
Procedure

First, gather a tcpdump of the traffic to the portal to verify that TCP port 80 traffic is being seen on the NAC's interface, for reference, review
NAC Troubleshooting Tips - common tcpdump commands used for isolating issue
The case where an unknown entity, such as a firewall, has altered the traffic should be ruled out before continuing with this article.

The traffic you're attempting to identify is traffic sourced from the test client that has a destination MAC address of the NAC interface, and destination IP address of "the internet". PBR has redirected internet bound traffic to the NAC and does not modify the destination IP address.

Once this traffic has been identified gather the following output from the affected NAC appliance:
  1. SSH to the affected NAC appliance
  2. Run the command: 
    /opt/squid/bin/squidclient mgr:info
  3. Next run the following command to resolve the issue:
    /opt/squid/sbin/squid -k rotate -f /opt/nac/captive_portal/conf/squid/squid.conf
    This command will restart the redirector processes and recycle the swap.state file
  4. Verify this has restore services

Gather the output above and the following directories/files and provide them to GTAC:
Output of the following commands: 
iptables -L -t nat
/opt/squid/sbin/squid -v
ps auwwx | grep squid
Files from the following locations: 
/opt/squid/var/cache (entire directory)
/var/log/squid (entire directory)
/opt/nac/captive_portal/conf/ (entire directory)

Log a ticket with GTAC with this information

For WinSCP use, please review How to use WinSCP to copy files to and from a Netsight / Extreme Control Center Appliance





 
Additional notes
If the above procedure does not fix the issue, gather all relevant data and run the following command
 
/etc/init.d/proxy restart

 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255