Extreme Control - RADIUS Authentication Failures After Adding New Switch "Ignoring request to authenticate from unknown client"
A new switch has been added to an existing Control configuration and the Control appliances have been Enforced.
Authentications requests are being dropped and the radius.log and tag.log report the following:
Error: Ignoring request to authentication from unknown client
Error: Ignoring request to authentication address <CLIENT_IP> port 1812 from unknown client <NEW_SWITCH_IP> port 1645
The nacstatus "NAC Thread Pool Details"Reauthentication Service, SNMP Manager Refresh and Switch Configuration.
Several switches are currently down or unreachable via SNMP.
The newly configured switch is not listed in the clients.conf file on the Control appliance following Enforce.
Extreme Control (NAC)
All Software Releases
Software Releases 6.x, 7.x and 126.96.36.199 or earlier
One or more dependent thread pools have deadlocked or are processing a queue of incoming requests. A newly added switch may not be correctly provisioned following enforce under these conditions triggering the "unknown client" messages above.
Restart the Extreme Control services via root CLI using the command below followed by re-enforcement of the appliance.
firstname.lastname@example.org:/$ nacctl restart
The unknown client condition above is a general symptom of an underlying failure that can result in many different outcomes when thread locking or queuing occurs.