Specifications
3-17
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure Your Switches
(config)# snmp-server community c2950_write RW
• SNMP V3 settings:
For auth (username: “c2950_user”; password: “c2950_auth”):
(config)# snmp-server view v1default iso included
(config)# snmp-server group c2950_group v3 auth read v1default write v1default notify v1default
(config)# snmp-server user c2950_user c2950_group v3 auth md5 c2950_auth
For priv (username: “c2950_user”; password: “c2950_priv”):
(config)# snmp-server view v1default iso included
(config)# snmp-server group c2950_group v3 priv read v1default write v1default notify v1default
(config)# snmp-server user c2950_user c2950_group v3 auth md5 c2950_auth priv des c2950_priv
Step 8 Enable MAC notification or linkup/linkdown SNMP traps and set MAC address table aging-time when
necessary for the switch.
To support a variety of switch configurations, Cisco NAC Appliance supports switches using both MAC
Change Notification and MAC Move Notification traps. If enabling MAC notification traps, the MAC
address table aging-time must be set to a non-zero value. Cisco recommends setting the MAC address
table aging-time to at least 3600 seconds for switches that have limited space for MAC addresses, and
to a higher value (e.g. 1000000) if your switches support a sufficiently large number of MAC entries. If
a switch supports MAC notification traps, Cisco NAC Appliance uses the MAC change
notification/MAC move notification trap by default, in addition to linkdown traps (to remove users). If
the switch does not support MAC change notification/MAC move notification traps, the Clean Access
Manager uses linkup/linkdown traps only.
(config)# snmp-server enable traps mac-notification
(config)# snmp-server enable traps snmp linkup linkdown
(config)# mac-address-table aging-time 3600
Step 9 Enable the switch to send SNMP MAC notification and linkup traps to the Clean Access Manager. The
switch commands used here depend on the SNMP version used in the SNMP trap settings in Configure
SNMP Receiver, page 3-44.
Note: For better security, Cisco recommends that administrators use SNMP V3 and define ACLs to limit SNMP write access to the switch.
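The requirements in Step 8 and the recommendation in the note above can be checked against a switch configuration. The following Python sketch is an added example, not part of the Cisco guide: it flags a read-write community or SNMPv3 write group with no access list, trap hosts using SNMP v1/v2c, and a MAC aging-time that is zero or below 3600 while MAC notification traps are enabled. The sample configuration, the finding codes and the function name are constructed for illustration.

```python
import re

# Constructed sample input built from the commands on this page; not a real device config.
SAMPLE_CONFIG = """\
(config)# snmp-server community c2950_write RW
(config)# snmp-server group c2950_group v3 priv read v1default write v1default notify v1default
(config)# snmp-server enable traps mac-notification
(config)# mac-address-table aging-time 0
(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp
"""

MIN_AGING = 3600  # lowest aging-time the guide recommends with MAC notification traps

def audit(config):
    """Return sorted (line_number, finding_code) pairs; secrets are never echoed."""
    findings, mac_traps, aging = [], False, None
    for n, raw in enumerate(config.splitlines(), 1):
        # Accept both pasted "(config)# ..." lines and plain running-config lines.
        t = re.sub(r"^\s*\(config\)#\s*", "", raw).split()
        line = " ".join(t)
        if t[:2] == ["snmp-server", "community"] and len(t) > 3 and t[-1] == "RW":
            # An access list, when configured, follows the RW keyword.
            findings.append((n, "RW_COMMUNITY_NO_ACL"))
        elif (t[:2] == ["snmp-server", "group"] and t[3:4] == ["v3"]
              and "write" in t[3:] and "access" not in t[3:]):
            findings.append((n, "V3_WRITE_GROUP_NO_ACL"))
        elif t[:2] == ["snmp-server", "host"]:
            m = re.search(r"\bversion (1|2c)\b", line)
            if m:  # the guide recommends SNMP V3 over v1/v2c
                findings.append((n, "TRAP_HOST_SNMPV" + m.group(1).upper()))
        elif t[:3] == ["snmp-server", "enable", "traps"] and "mac-notification" in t:
            mac_traps = True
        elif re.fullmatch(r"mac[- ]address-table aging-time \d+", line):
            aging = (n, int(t[-1]))
    if mac_traps and aging is not None:
        if aging[1] == 0:
            findings.append((aging[0], "AGING_TIME_ZERO_WITH_MAC_TRAPS"))
        elif aging[1] < MIN_AGING:
            findings.append((aging[0], "AGING_TIME_BELOW_RECOMMENDED"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, code in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}")
```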
• SNMP v1 (SNMP community string is “cam_v1”):
(config)# snmp-server host 172.16.1.61 traps version 1 cam_v1 udp-port 162 mac-notification snmp
• SNMP V2C (SNMP community string is “cam_v2”):
(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp
• SNMP v3.
• The following commands should be run in the order of: group, user, and host.