XMC NAC Troubleshooting

RADIUS requests/responses

tcpdumpi eth0 port 1812

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

To capture the packets:-

tcpdump –i eth0 –s 0 –w capture.pcap (End capture with “Control+C”)

NAC Device Help (type nachelp):

Extreme Networks NetSight NAC Device Help
/var/log/tag.log                – NAC Log File
/var/log/syslog                 – System Log File
/var/log/message                – System Info
/var/log/radius/*               – RADIUS Logs
/var/log/squid/*                – Squid Logs
/etc/resolv.conf                – DNS Configuration

nacdb                           NAC Database Script
naccapture                      Protocol-specific packet capture
nacstatus                       General NAC Appliance Status
nacreinitializedb               Deletes NAC database, restarts appliance
nacconfig                       Configures Network
nacradiuslogging enable|disable Enable/disable NAC RADIUS logging
nacctl start|stop|restart       Start/stop/restart NAC processes
aglsctl start|stop|restart      Start/stop/restart agentless assessment
/opt/nac/configMgmtIP <ip>      Set management server IP address

CTRL+ALT+<F1-F4> provides access to multiple login shells.

NAC Troubleshooting Tips:

https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-Debug-methodology-for-Authentication-issues/?q=nac+tips&l=en_US&fs=Search&pn=1

Common Trace examples:

https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-common-tcpdump-commands-used-for-isolating-issue?q=nac+tips&l=en_US&fs=Search&pn=1

Switch-Port Information:

https://gtacknowledge.extremenetworks.com/articles/How_To/NAC-Troubleshooting-Tips-Debug-Methodology-for-Switch-Port-Information/?q=nac+tips&l=en_US&fs=RelatedArticle

WebView:

https://IP_CONTROL_APPLIANCE:8443   (admin/Extreme@pp)

XMC Show Support:

Administration>Diagnostics>Generate Show Support

Files stored in following folder…

/usr/local/Extreme_Networks/NetSight/appdata/ShowSupport

Data and Time:

Check the date and time by typing date command on CLI.

Note: Clock skews can affect authentication if the clock has drifted too far.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s