NAC Reporting Losing contact with Switch: SNMP unreachable

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
Hi All

Perhaps someone can direct me in the correct way here.
We have a virtual NAC,NMS and V2110 controller deployed at a client.

The clients site consists of three vlans, a Server vlan, a Management vlan and a Client vlan.
The NAC and NMS is located in the Server subnet.

All network devices is discoverd in Netsight on the Management subnet. (All switches has a interface in the management Vlan, including the management port of the V2110 controller)

When clients connect to the Wireless AP's they authenticate to the NAC using MAC Auth.
The client would authenticate and NAC would then return the correct ROLE for the client.
Based on the Role that NAC returns, the client is placed in the client vlan.

The Client vlan has a IP interface configured on the Core switch with a IP helper configured to reach the DHCP server located in the Server Vlan.
The core switch is also configured with a second IP helper pointing to the NAC, so that the NAC can identify the client device types using DHCP Snooping.

The client would then request a IP address from the DHCP server.
This request reaches both the DHCP server and NAC beacuse of the IP helper config on the Core.

Everything operates correctly but the only thing is that the NAC keeps on complaining that it has lost connection to the "Client Vlan Interface" in the Core - due to SNMP Unreachable.
In netsight the Core is discovered on the Management interface.

Why does NAC complain about loosing comms to the Client vlan interface that is sending the DHCP request to it?

The network diagram looks as follows:  

The alarm on NAC is as follows:



Thx
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,010 Points 5k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of OscarK

OscarK, ESE

  • 7,702 Points 5k badge 2x thumb
Official Response
Does this article help ?
https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Manager-is-polling-devices-not-in-th...

If you disable router discovery does the alarm stop ?