Nac appliance connection problem after upgrading to

  • 0
  • 1
  • Problem
  • Updated 6 months ago
  • Not a Problem
Hi all,

I have upgraded nac appliance from version to , which was running on an Extreme Access Control IA–A–20 hardware , by following steps described at 

After the upgrade I can only access the appliance from console. I can also ping but however cannot connect through SSH, web interface or Netsight.


Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb

Posted 7 months ago

  • 0
  • 1
Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb
Any ideas ?
Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb
Is version supported on IA–A–20 ? 
Photo of Stephen McGuire

Stephen McGuire

  • 750 Points 500 badge 2x thumb
I'd really like to know the answer to that question.

Photo of Chacko


  • 1,206 Points 1k badge 2x thumb
I remembered there was something in the release notes:
When upgrading to Management Center NAC Manager 8.0, you are required to
upgrade your Access Control engine version to 7.1.2 or 8.0. Additionally, both
Management Center NAC Manager and the Access Control engine must be at
version 8.0 in order to take advantage of the new Access Control 8.0 features.
Maybe that's the issue

Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb
running EMC version is
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 42,280 Points 20k badge 2x thumb
Easy, it's still in the pricelist so it's supported.

I've no experience with a hardware NAC but I'd have done a little bit more then following the guide you've mentioned.

First of all I'd never jump a major release, I'd upgrade from 6 to 7 and then to 8.
Also I'd read/follow the release notes and the documents that are mentioned there.

If you don't follow the rules something like that could happen - I've  killed my VM NAC last time during the v8 upgrade because I didn't read the release notes.
The file for the required OS upgrade to v8 is very large and could take a while if the uplink is slow, I thought the process was finished and hit ctrl-c .... it wasn't and that was the end of my NAC.

The easy thing about a VM NAC - just install the .ova from scratch and set the basic parameters and then sync it and you are good to go.

Photo of Brian Anderson

Brian Anderson

  • 538 Points 500 badge 2x thumb
I recently upgraded from 6.2 to 8 on an A20.  Did the interim update to 7.1 in the process and SSH etc works.  Only issue was netsight was still running on 80 and 443, had to change to the default 8080 and 8443 before I could enforce from Nac Manager. 
Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb
Before the upgrade I did read the document Upgrading to Extreme Access Control 8.0 . Just at the beginning of this document it writes:
This document provides information on upgrading from NAC 6.2, and NAC 6.3 to Extreme Access Control 8.0, including requirements and instructions for upgrading the software on your Access Control Gateway engines.
Then it describes the requirements and steps to upgrade the engine software. It is totally 13 page document and I could not see anything that mentions about an interim upgrade. 

I have also read Extreme Management Center Customer Release Notes where it was writing:

If you are upgrading from a NetSight/Management Center version prior to 7.1, you must perform an intermediate upgrade.
But I understand that the statement is just for Netsight, not for NAC.

Please correct me if I am I wrong.
Photo of Matthew Hum

Matthew Hum

  • 362 Points 250 badge 2x thumb
wouldn't it just be easier to wipe and reinstall the Os/firmware?

if you really want to troubleshoot this, check that the services are running, and things are listening accordingly. SSH uses the standard sshd daemon, so you should be able to netstat -an |grep 22 and verify that it is listening on that port. if you still cannot connect you can always try to run tcpdump and verify that a connection is getting established.
you can also run your client in debug mode to verify key exchange and identify if the problem is connectivity, or something like a key exchange issue (or even wrong credentials).
Photo of Yakup Erdol

Yakup Erdol

  • 590 Points 500 badge 2x thumb

I installed version of NAC and Netsight three weeks ago. Because not just NAC has issues at version, but also Netsight web management was not working properly either.

Thanks all