Wireless (General)

  • 1.  NAC Unable to reach the appliance

    Posted 05-25-2016 09:16
    Hello, everybody!

    I have installed NAC in a virtual machine and the installation process completed successfully. I have installed NAC license and can ping address of the machine from everywhere. However, from Netsight server I can't get access to NAC appliance using NAC console. The NAC Appliance is accessible over http:\x.x.x.x:8080 and :8443

    How can I use this sophisticated software??? Please, help! The only reason to use NAC is ExtremeWifi can't provide (Out-of-box, I mean) authentications for users when client has more than 1 Active Directory Domain!!!

    Please, take a look at the picture below. I get this message and don't know what to do.

    Many thanks in advance,

    Ilya





  • 2.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 09:20
    During the initial setup of the NAC you'd need to set certain parameters like Netsight IP, SNMP community...

    Then you'd need to add the NAC to the Netsight console as a device with this SNMP parameters so Netsight could communicate via SNMP to the NAC.

    Have you done that ?


  • 3.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 09:20
    Just to clarify, SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection. SNMP can be used to monitor the NAC from NetSight Console, if so desired, but this is optional when adding a new NAC to NAC Manager and has no bearing on NAC appliance / NAC Manager communication.


  • 4.  RE: NAC Unable to reach the appliance



  • 5.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 09:59
    Hello,

    SNMP is not used to manage a NAC appliance from NAC Manager, but rather, a secure TCP connection. Please make sure these ports are open between the NAC and NetSight server:

    https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Appliance-is-red-in-NAC-Manager/

    Also make sure the credentials havnt been changed prior to adding a new NAC:

    https://gtacknowledge.extremenetworks.com/articles/Solution/New-NAC-Appliance-Green-in-NetSight-Cons...

    If you continue to have issues you should open a case with the Extreme GTAC.

    Regards,

    Scott Keene


  • 6.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 12:20
    Gentlemen,

    there is one more question appeared: how can I check whether NAC was properly installed?

    I've found a lot of useful command to be executed over CLI, try to connect to my NAC over SSH and can't execute them, for example:

    root@nac:~# nacconfig
    nacconfig: command not found

    Please, take a look at this:

    root@nac:~# find.
    ./NetSight
    ./NetSight/Console
    ./NetSight/Console/Options
    ./NetSight/.netsightLogin
    ./NetSight/Options
    ./.bash_history
    ./.vimrc
    ./.ubuntu-postinst.sh
    ./.profile
    ./.cache
    ./.cache/motd.legal-displayed
    ./.bashrc
    ./scripts
    ./scripts/webserviceclient.php
    ./scripts/nacstatus
    ./scripts/nachelp
    ./scripts/isEarlier
    ./scripts/connTest.php
    ./scripts/echoTagConfig.php
    ./scripts/managelogs
    ./scripts/naccapture
    ./scripts/wsCall.php
    ./scripts/expandLVM.sh
    ./firmware
    ./firmware/images
    ./.aptitude
    ./.aptitude/cache
    ./.aptitude/config
    ./.java
    ./.java/fonts
    ./.java/fonts/1.7.0_79
    ./.java/fonts/1.7.0_79/fcinfo-1-nac-Ubuntu-12.04-en.properties
    ./.postinstall
    root@nac:~#

    AND at this also...(below). Is everything OK with my NAC installation?

    root@nac:~# nacstatuscat: /usr/local/Extreme_Networks/nac/mgmtServerIP: No such file or directory
    cat: /usr/postinstall/network.properties: No such file or directory
    cat: /usr/postinstall/network.properties: No such file or directory

    #-------------------------------------------------------------------------------
    # NAC Status
    #-------------------------------------------------------------------------------

    NAC Device Type: NSV
    NAC Device Version: 6.3.0.179
    NAC OS Version: Ubuntu 12.04lts (64bit)
    Management IP:

    PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
    PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
    ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
    Unable to retrieve credentials to run Connectivity Test.

    #-------------------------------------------------------------------------------
    # NetSight Server Name Resolution
    #-------------------------------------------------------------------------------

    Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

    #-------------------------------------------------------------------------------
    # NAC Server Name Resolution
    #-------------------------------------------------------------------------------

    Cound not find ApplianceConfiguration.xml in /usr/local/Extreme_Networks/nac/server/config

    #-------------------------------------------------------------------------------
    # Communications Diagnostics
    #-------------------------------------------------------------------------------

    PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
    PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
    ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
    Unable to retrieve credentials to run Connectivity Test.

    #-------------------------------------------------------------------------------
    # Appliance License and Capacity Diagnostics
    #-------------------------------------------------------------------------------

    PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
    PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
    ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
    Unable to retrieve credentials to run Connectivity Test.

    #-------------------------------------------------------------------------------
    # Distributed Cache Diagnostics
    #-------------------------------------------------------------------------------

    PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
    PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
    ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
    Unable to retrieve credentials to run Connectivity Test.

    #-------------------------------------------------------------------------------
    # Process Status
    #-------------------------------------------------------------------------------

    PHP Warning: fopen(/usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml): failed to open stream: No such file or directory in /root/scripts/wsCall.php on line 57
    PHP Warning: filesize(): stat failed for /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml in /root/scripts/wsCall.php on line 58
    ERROR: Unable to read file: /usr/local/Extreme_Networks/nac/server/config/ApplianceConfiguration.xml
    Unable to retrieve credentials to run Connectivity Test.

    #-------------------------------------------------------------------------------
    # Most Recent Errors from /var/log/syslog
    #-------------------------------------------------------------------------------

    #-------------------------------------------------------------------------------
    # Most Recent Actions from /var/log/watchdog.log
    #-------------------------------------------------------------------------------

    tail: cannot open '/var/log/watchdog.log' for reading: No such file or directory

    #-------------------------------------------------------------------------------
    # Most Recent Errors from /var/log/tag.log
    #-------------------------------------------------------------------------------

    tail: cannot open '/var/log/tag.log' for reading: No such file or directory

    #-------------------------------------------------------------------------------
    # Most Recent Errors from /var/log/radius/radius.log
    #-------------------------------------------------------------------------------

    tail: cannot open '/var/log/radius/radius.log' for reading: No such file or directory

    #-------------------------------------------------------------------------------
    # ProxyRedirect status
    #-------------------------------------------------------------------------------

    ProxyRedirector threads running: 0

    #-------------------------------------------------------------------------------
    # NetSight server status
    #-------------------------------------------------------------------------------

    Checking Status of Network Access Control & Network Access Control RADIUS Server:
    Network Access Control Server is NOT running...
    Network Access Control RADIUS Server is NOT running...

    Run '/sbin/nacctl restart'.

    #-------------------------------------------------------------------------------
    # Hostname Information
    #-------------------------------------------------------------------------------

    Hostname: nac.spbstu.ru
    #
    # hosts This file describes a number of hostname-to-address
    # mappings for the TCP/IP subsystem. It is mostly
    # used at boot time, when no name servers are running.
    # On small systems, this file can be used instead of a
    # "named" name server. Just add the names, addresses
    # and any aliases to this file...
    #
    # By the way, Arnt Gulbrandsen


  • 7.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 12:33
    It sounds like this isnt really a NAC appliance if the nacconfig isnt working and the directories are missing. You should re-iso the appliance in this case.

    -Scott


  • 8.  RE: NAC Unable to reach the appliance

    Posted 05-25-2016 12:33
    ..or somehow it has become corrupt. I would not use it and re-iso.



  • 9.  RE: NAC Unable to reach the appliance

    Posted 05-26-2016 11:51
    Many thanks to everybody!

    I have installed the NAC, the licenses were also applied, now it's green at the console tree.

    Now the task is configure authentication for users in two AD domains using Internal Captive Portal on C5210 and MS RADIUS (NPS).