Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

161

162

163

164

165

166

167

168

169

170

3-74

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 3 Switch Management: Configuring Out-of-Band Deployment

Troubleshooting SNMP

3. Create SNMP User

If there is a change in the above order, then the user is not properly bound to the correct Group or View.

This causes issues to the user and throws the above error.

OOB Client MAC/IP Not Found

Invalid Switch Configuration-OOB Error: OOB Client MAC/IP not found. Please contact network administrator.

This error usually occurs when the user tries to login. This happens when CAM is not able to find a

matching entry for the client’s MAC address in the Discovered Clients list

Perform the following steps:

• Check whether the SNMP receiver settings that are defined in CAM under OOB Management >

SNMP Receiver > SNMP Trap match those defined in the switch configuration. Make sure that the

switch is configured to send traps to CAM.

• Perform port bounce on the port to which the user is connected. This would make the switch to send

the traps to CAM. On processing the traps, CAM would add an entry to the Discovered Clients list.

After performing the above, the user will be able to login successfully.

Message Not Within Time Window

Error: Message not within time window

This error is seen in packet captures performed at CAM when SNMP V3 is used for write operations.

CAM stores the

snmpEngineID, snmpEngineBoots and snmpEngineTime for every switch in its memory.

When a switch is re-configured then the

engineBoots and engineTime are reset. When the switch sends

request, then these values are matched with the values that are stored in CAM for that

engineID. If they

are different, then the error message “Message not within time window” is displayed.

Workaround:

Update the switch profile. Go to the device profile under OOB Management > Profiles > Device for

the corresponding switch and update it. This would allow the CAM to reset the

engineBoots and

engineTime for the switches to default values. Another workaround is to restart the CAM perfigo

service.

Note Ensure that the switches are not configured with the same engineID. This causes the CAM to send the

engineBoots and engineTime of one switch to another switch as the engineIDs are same. This results

in failure of SNMP write operations and the error “message not in time window”.

Additional Information

In the CAM web console, navigate to OOB Management > Profiles > Port > New. When the option

Generate event logs when there are multiple MAC addresses detected on the same switch port is

enabled, there may be an impact on performance, as hub detection happens for every SNMP trap. Make

sure this option is disabled when using switches with large number of ports like 6500.