Header Only - DO NOT REMOVE - Extreme Networks

Nac appliance connection problem after upgrading to

Userlevel 2
Hi all,

I have upgraded nac appliance from version to , which was running on an Extreme Access Control IA–A–20 hardware , by following steps described at https://gtacknowledge.extremenetworks.com/articles/Q_A/What-are-the-basic-steps-to-upgrade-a-NAC-app...

After the upgrade I can only access the appliance from console. I can also ping but however cannot connect through SSH, web interface or Netsight.


10 replies

Userlevel 2
Any ideas ?
Userlevel 2
Is version supported on IA–A–20 ?
Userlevel 2
I'd really like to know the answer to that question.

Userlevel 2
I remembered there was something in the release notes:

When upgrading to Management Center NAC Manager 8.0, you are required to
upgrade your Access Control engine version to 7.1.2 or 8.0. Additionally, both
Management Center NAC Manager and the Access Control engine must be at
version 8.0 in order to take advantage of the new Access Control 8.0 features.

Maybe that's the issue

Userlevel 2
running EMC version is
Userlevel 7
Easy, it's still in the pricelist so it's supported.

I've no experience with a hardware NAC but I'd have done a little bit more then following the guide you've mentioned.

First of all I'd never jump a major release, I'd upgrade from 6 to 7 and then to 8.
Also I'd read/follow the release notes and the documents that are mentioned there.

If you don't follow the rules something like that could happen - I've killed my VM NAC last time during the v8 upgrade because I didn't read the release notes.
The file for the required OS upgrade to v8 is very large and could take a while if the uplink is slow, I thought the process was finished and hit ctrl-c .... it wasn't and that was the end of my NAC.

The easy thing about a VM NAC - just install the .ova from scratch and set the basic parameters and then sync it and you are good to go.

Userlevel 2
I recently upgraded from 6.2 to 8 on an A20. Did the interim update to 7.1 in the process and SSH etc works. Only issue was netsight was still running on 80 and 443, had to change to the default 8080 and 8443 before I could enforce from Nac Manager.
Userlevel 2
Before the upgrade I did read the document Upgrading to Extreme Access Control 8.0 . Just at the beginning of this document it writes:

This document provides information on upgrading from NAC 6.2, and NAC 6.3 to Extreme Access Control 8.0, including requirements and instructions for upgrading the software on your Access Control Gateway engines.

Then it describes the requirements and steps to upgrade the engine software. It is totally 13 page document and I could not see anything that mentions about an interim upgrade.

I have also read Extreme Management Center Customer Release Notes where it was writing:

If you are upgrading from a NetSight/Management Center version prior to 7.1, you must perform an intermediate upgrade.

But I understand that the statement is just for Netsight, not for NAC.

Please correct me if I am I wrong.
Userlevel 1
wouldn't it just be easier to wipe and reinstall the Os/firmware?

if you really want to troubleshoot this, check that the services are running, and things are listening accordingly. SSH uses the standard sshd daemon, so you should be able to netstat -an |grep 22 and verify that it is listening on that port. if you still cannot connect you can always try to run tcpdump and verify that a connection is getting established.
you can also run your client in debug mode to verify key exchange and identify if the problem is connectivity, or something like a key exchange issue (or even wrong credentials).
Userlevel 2

I installed version of NAC and Netsight three weeks ago. Because not just NAC has issues at version, but also Netsight web management was not working properly either.

Thanks all