NAC Reporting Losing contact with Switch: SNMP unreachable


Userlevel 5
Hi All

Perhaps someone can direct me in the correct way here.
We have a virtual NAC, NMS and V2110 controller deployed at a client.

The client's site consists of three VLANs: a Server VLAN, a Management VLAN and a Client VLAN.
The NAC and NMS are located in the Server subnet.

All network devices are discovered in Netsight on the Management subnet. (All switches have an interface in the Management VLAN, including the management port of the V2110 controller.)

When clients connect to the wireless APs, they authenticate to the NAC using MAC Auth.
The client would authenticate and NAC would then return the correct role for the client.
Based on the role that NAC returns, the client is placed in the Client VLAN.

The Client VLAN has an IP interface configured on the Core switch with an IP helper configured to reach the DHCP server located in the Server VLAN.
The Core switch is also configured with a second IP helper pointing to the NAC, so that the NAC can identify the client device types using DHCP Snooping.

The client would then request an IP address from the DHCP server.
This request reaches both the DHCP server and NAC because of the IP helper config on the Core.

Everything operates correctly, but the only thing is that the NAC keeps on complaining that it has lost connection to the "Client Vlan Interface" in the Core, due to SNMP Unreachable.
In Netsight the Core is discovered on the Management interface.

Why does NAC complain about losing comms to the Client VLAN interface that is sending the DHCP request to it?

The network diagram looks as follows:



The alarm on NAC is as follows:



Thx

5 replies

Userlevel 6
Does this article help?
https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Manager-is-polling-devices-not-in-th...

If you disable router discovery, does the alarm stop?
Userlevel 6
And that IP is the IP address of the switch as defined in the switches tab in NAC Manager?
Userlevel 5
Hi Mike
No, only the wireless controller's IP address is defined in the switch tab.
The Core is not configured for authentication, so no need to be configured in NAC.
The Core is only discovered in Netsight on the Management VLAN IP and not the Client VLAN IP.

Regards
Andre
Userlevel 6
Andre Brits Kannemeyer wrote:

Hi Mike
No, only the wireless controller's IP address is defined in the switch tab.
The Core is not configured for authentication, so no need to be configured in NAC.
The Core is only discovered in Netsight on the Management VLAN IP and not the Client VLAN IP.

Regards
Andre

Oscar beat me to the punch! Glad it is fixed.
Userlevel 5
Hi Oscar

Thx, that did the trick!! NAC operated normally and no more errors.
