3-16
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure Your Switches
Note If the CAM is down and the CAS is performing VLAN mapping in “fail open” state, do not reboot the
CAS because the VLAN mapping capability will be lost until the CAM comes back online.
Step 4 For Real-IP Gateways, add static routes on the L3 switch or router to route traffic for the managed
subnets to the trusted interface of the respective CASs.
Step 5 Configure SNMP miscellaneous settings:
(config)# snmp-server location <location_string>
(config)# snmp-server contact <admin_contact_info>
Note When configuring SNMP settings on switches, never use the “@” character in the community string.
Step 6 Configure the SNMP read community string (V1/V2c) or username/password (V3) used in Configure
Switch Profiles, page 3-30.
• SNMP V1/V2c settings (SNMP read-only community string is “c2950_read”):
(config)# snmp-server community c2950_read RO
• SNMP V3 settings (username: “c2950_user”; password: “c2950_auth”):
(config)# snmp-server view v1default iso included
(config)# snmp-server group c2950_group v3 auth read v1default write v1default
(config)# snmp-server user c2950_user c2950_group v3 auth md5 c2950_auth
For SNMP V3 read, create SNMP V3 contexts for the VLANs that are used on the switch. To list the
contexts that are present on the switch, run the following command on the switch:
access-switch# sh snmp context
The output will be similar to the following:
vlan-1
vlan-2
vlan-3
vlan-8
vlan-9
....
....
vlan-1005
Create SNMP V3 contexts for the VLANs that are used. For example, if vlan-8 and vlan-9 are
in use, the commands to create the contexts are as follows:
(config)# snmp-server group c2950_group v3 auth context vlan-8
(config)# snmp-server group c2950_group v3 auth context vlan-9
The example above creates SNMP V3 contexts when the security level is AuthNoPriv.
Use the keyword in the command that matches your security level:
• auth — AuthNoPriv as security level
• noauth — NoAuthNoPriv as security level
• priv — AuthPriv as security level
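The following is an added example, not part of the Cisco guide: a Python helper that reads "sh snmp context" output and builds the "snmp-server group ... context" command for each VLAN in use, with the keyword for the chosen security level. The function names, the constructed sample output, and the choice to report in-use VLANs that have no listed context instead of emitting a command for them are assumptions of this example.

```python
import re

# Keyword for each SNMP V3 security level, as listed in the guide.
LEVEL_KEYWORD = {"AuthNoPriv": "auth", "NoAuthNoPriv": "noauth", "AuthPriv": "priv"}
CONTEXT_RE = re.compile(r"^vlan-(\d+)$")


def parse_contexts(show_output):
    """Return the set of VLAN IDs that have a context in `sh snmp context` output."""
    vlans = set()
    for line in show_output.splitlines():
        m = CONTEXT_RE.match(line.strip())
        if m:  # skips the prompt line, blank lines and any other text
            vlans.add(int(m.group(1)))
    return vlans


def context_commands(show_output, vlans_in_use, group, level):
    """Build the per-VLAN context commands; also return VLANs with no context."""
    keyword = LEVEL_KEYWORD[level]  # KeyError on an unknown security level
    present = parse_contexts(show_output)
    wanted = sorted(set(vlans_in_use))
    missing = [v for v in wanted if v not in present]
    commands = [
        f"snmp-server group {group} v3 {keyword} context vlan-{v}"
        for v in wanted if v in present
    ]
    return commands, missing


def community_is_safe(community):
    """The guide's rule: never use '@' in a community string."""
    return "@" not in community


# Constructed sample output, modelled on the listing in the guide.
SAMPLE = """access-switch# sh snmp context
vlan-1
vlan-2
vlan-3
vlan-8
vlan-9
vlan-1005
"""

if __name__ == "__main__":
    cmds, missing = context_commands(SAMPLE, [8, 9, 20], "c2950_group", "AuthNoPriv")
    print("\n".join(cmds))
    print("no context on switch for VLANs:", missing)
```

Enter the generated lines at the (config)# prompt, and review any VLAN reported as missing before adding it to the profile.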
Step 7 Configure the SNMP write community string (V1/V2c) or username/password (V3) used in Configure
Switch Profiles, page 3-30.
• SNMP V1/V2c settings (SNMP read-write community string is “c2950_write”):