
Strange NAC Lost Contact alarms

Steve14
New Contributor
Hello All,



We have a strange behavior with NAC and Extreme switches.



On the switch there are different vlans with different ip addresses.

All vlans are in the same VR (vr-default).

The connection for management between NAC and the switches is located in a management vlan (vr-default, too).

NAC has only a direct route to the management ip address (Management vlan) on the switch.

Only the management ip of the switch is configured on the NAC.

All ip addresses on the switch are reachable from NAC (management vlan and the other vlans).



But now what we see:



The link between the NAC and the switch is working and NetSight and NAC show green for the connection.

All works fine.



BUT we receive alarm messages in the NetSight as below:



Critical NAC Lost Contact with Switch 1.1.1.1 / 2.2.2.2 Full Loss of Contact to Switch detected: 2.2.2.2due to: Unable to make SNMP contact



The 1.1.1.1 (as example) is the ip address of the NAC, 2.2.2.2 is the ip address of the switch (but NOT the management ip address).



Now the questions:

Why does the NAC detect a lost contact in a network not used for management and authentication? How can I avoid these alarms?



One further hint: The NAC receives DHCP-Messages on the vlans not used for management. Maybe this is the cause why the NAC knows the vlans and ips on the switch (not used for management).



Best regards

Steve

3 REPLIES

OscarK
Extreme Employee
Is the issue resolved if you uncheck router discovery as explained in this article?
https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Manager-is-polling-devices-not-in-th...

Steve14
New Contributor
Hello Suresh,

There is only a layer 3 connection between NAC and switches. Switches and NAC are in different networks and the connection is routed. Therefore the NAC default gw is not the same as the default gw of the switches.

1) The behavior is the same for all switches in use. We use X450G2.

2) No, we have no link flaps in the vlan.

3) As you mentioned, I checked the show log on a switch and I can see this message:

"03/01/2016 07:28:50.93 Slot-1: Login failed through SNMPv1/v2c - bad community name (1.1.1.1)"

We have two NAC-GW. Both are configured in the same way (we think so) and in our opinion we haven't configured SNMPv1/v2c, only SNMPv3. The messages are only received for one NAC (1.1.1.1), not for the second NAC.

Maybe this is the hint, but we don't know why NAC tries to open a connection via SNMPv1/v2c.

4) We are using only the standard alarms from NAC "NAC Lost Contact with Switch" in the alarm manager and we expect an alarm message only if the connection configured in the "NAC-Manager" on the "switch tab" is broken. Please be aware the alarm message is generated on the NAC and not on the switch. The NAC detects the "Lost Contact".

Is there a place in the NAC config where we can configure SNMP (not for the connection between NAC and NetSight but rather for the connection between NAC and Switch)?

Bharathiraja__S
Extreme Employee
Hi Steve,

Please correct me if I am wrong.

You have a NAC server which has a default route to the switch mgmt interface, and NetSight receives alarms from other vlans.

1) What is the switch hardware model and current status?

2) Do you see any link flaps from the 2.2.2.2 vlan?

3) Please check the show log and show management from the switch.

4) What is the expected behavior from the switch as per your Trap/alarm configuration? Was it working earlier?

Thanks,
Suresh.B
