We have a strange behavior with NAC and Extreme switches.
On the switch there are different vlans with different ip addresses.
All vlans are in the same VR (vr-default).
The connection for management between NAC and the switches is located in a management vlan (vr-default, too).
NAC has only a direct route to the management ip address (Management vlan) on the switch.
Only the management ip of the switch is configured on the NAC.
All ip addresses on the switch are reachable from NAC (management vlan and the other vlans).
But now what we see:
The link between the NAC and the switch is working and NetSight and NAC show green for the connection.
All works fine.
BUT we receive alarm messages in the NetSight as below:
Critical NAC Lost Contact with Switch 184.108.40.206 / 220.127.116.11 Full Loss of Contact to Switch detected: 18.104.22.168due to: Unable to make SNMP contact
The 22.214.171.124 (as an example) is the ip address of the NAC, 126.96.36.199 is the ip address of the switch (but NOT the management ip address).
Now the questions:
Why does the NAC detect a lost contact in a network not used for management and authentication? How can I avoid these alarms?
One further hint: The NAC receives DHCP messages on the vlans not used for management. Maybe this is the reason why the NAC knows the vlans and ips on the switch (not used for management).