Enforce fail on NAC


Hi 🙂,

when I try to enforce the NAC appliances, I get a fail message (see pic below).
In the NAC Manager I can see the reason under "Status".
How can I solve this problem?

- The Netsight Server VM has a disabled firewall.
- SNMP settings are correct.
- I can see the appliances in Netsight Console and they are up. (Device Manager works too)

Thanks for any replies 🙂


4 replies

Userlevel 6
Hi Tyrone. Did this ever work?
The NAC Icons are orange, this is typically a license issue.

You may want to review the following article
https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Orange-Arrow-in-NAC-manager-Unlicens...
Userlevel 7
A red/orange arrow means that there is a communication problem.
In short, without communication no enforcement.

SSH to the NAC appliance and run "nacstatus" - this might give some information on what is going wrong in the section "Communications Diagnostics",

If you see there a issue with WebServices you'd try...
https://gtacknowledge.extremenetworks.com/articles/Solution/New-NAC-Appliance-Green-in-NetSight-Cons...

What have you done tp run into this problem ?

-Ron
Hi Mike and Ron,

thanks for your replies.

I checked the licence and everything is fine there.

When I run the "nacstatus" command on the NAC appliance, I get the following output:



- I double checked the DNS settings on the NACs and DNS Server. Everything is correct.
- A nslookup to the DNS name of the appiances gives me a unreachable error.
- Ping to the DNS Servers and Netsight Server over IP works.
- Reconfig over /usr/nac/postinstall did not solve the problem.

A "netstat -tanpl" gives me this output:



Am I missing something?
Update: Problem solved.

There were wrong DNS server IP addresses in the appliance network settings over the NAC Manager.

Thanks again for your help! 🙂

Reply