cancel
Showing results for 
Search instead for 
Did you mean: 

Net sight NAC alert - Full Loss of Contact to Switch detected

Net sight NAC alert - Full Loss of Contact to Switch detected

Tiago_Molinos
New Contributor II
Hi there!

We've been implementing a wireless solution with Netsight, Wireless Controllers and a NAC Appliance.

I've been getting this alerts in Netsight:

Full Loss of Contact to Switch detected: 10.0.39.254 due to: Unable to make SNMP contact10.0.255.11 / 10.0.33.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.33.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.3.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.3.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.5.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.5.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.69.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.69.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.9.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.9.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.67.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.67.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.2.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.2.254 due to: Unable to make SNMP contact
10.0.255.11 / 10.0.6.254 NAC Lost Contact with Switch Full Loss of Contact to Switch detected: 10.0.6.254 due to: Unable to make SNMP contact

What I don't understand is that these IP addresses do not belong to any switch configured. They are configured in a Firewall witch is the default gateway for the wireless client networks.
The firewall is also added to the net sight appliance, but it should only use its management ip address (in-band) 10.0.255.254...

Any ideas?

Best regards,

Tiago Molinos
3 REPLIES 3

Matthew_Hum1
Extreme Employee
In that case, in the IP Resolution tab, you should enter all the networks you will be using, with their default gateway, and then enter a separate management IP/credentials. You would need to do this for each subnet that clients would be appearing on. I believe thats what you said you did, so you shouldn't have any issues. Please remember to add a NAC appliance as the DHCP helper-address/bootprelay in your firewall config.

Tiago_Molinos
New Contributor II
Hi Matthew,

IPs are resolving correctly. I think the problem is with the Firewall how "owns" all the networks gateway IP address. It's not supposed for it to answer SNMP on all it's interfaces, but only on it's management interface. I've configured the NAC appliance with the correct SNMP address and credentials... Just waiting to see if that solved the alert!

Thank you!

Matthew_Hum1
Extreme Employee
The gateway is used to determine MAC-to-IP resolution as a secondary (or tertiary) method. It is trying to pull the ipNet2Media MIB from the gateway, and the management interface (and appropriate credentials) can be configured in the IP Resolution tab of the Appliance Settings. Is DHCP Snooping set up correctly? are the IPs for end systems resolving correctly?
GTM-P2G8KFN