RADIUS requests/responses
tcpdump –i eth0 port 1812
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
To capture the packets:-
tcpdump –i eth0 –s 0 –w capture.pcap (End capture with “Control+C”)
NAC Device Help (type nachelp):
Extreme Networks NetSight NAC Device Help
/var/log/tag.log – NAC Log File
/var/log/syslog – System Log File
/var/log/message – System Info
/var/log/radius/* – RADIUS Logs
/var/log/squid/* – Squid Logs
/etc/resolv.conf – DNS Configuration
nacdb NAC Database Script
naccapture Protocol-specific packet capture
nacstatus General NAC Appliance Status
nacreinitializedb Deletes NAC database, restarts appliance
nacconfig Configures Network
nacradiuslogging enable|disable Enable/disable NAC RADIUS logging
nacctl start|stop|restart Start/stop/restart NAC processes
aglsctl start|stop|restart Start/stop/restart agentless assessment
/opt/nac/configMgmtIP <ip> Set management server IP address
CTRL+ALT+<F1-F4> provides access to multiple login shells.
NAC Troubleshooting Tips:
Common Trace examples:
Switch-Port Information:
WebView:
https://IP_CONTROL_APPLIANCE:8443 (admin/Extreme@pp)
XMC Show Support:
Administration>Diagnostics>Generate Show Support
Files stored in following folder…
/usr/local/Extreme_Networks/NetSight/appdata/ShowSupport
Data and Time:
Check the date and time by typing date command on CLI.
Note: Clock skews can affect authentication if the clock has drifted too far.
explorerob's Blog 