Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 4      Switch Management and Cisco Clean Access Out-of-Band (OOB)
Configure OOB Switch Management in the CAM
Advanced
Use the Advanced Config page to view or configure which SNMP trap notification type 
the CAM SNMP Receiver will use for a particular switch. 
  • If a switch supports MAC Notification, the CAM automatically enables this option.
  • If a switch does not support MAC Notification, the CAM enables the Linkup Notification option. 
    In this case the administrator can optionally enable Port Security on the switch if the switch supports 
    this feature. 
  • If a switch supports both MAC Notification and Linkup, the administrator can optionally disable 
    mac-notification by selecting Linkup Notification instead and clicking Update.
Figure 4-26    Advanced Config
Linkup/Linkdown is a global system setting on the switch that tracks whether a connection has 
non-operating or operating status. With the Linkup/Linkdown trap method, the Clean Access Manager 
must poll each port to determine the number of MACs on the port. 
Linkdown Traps
A client machine shutdown or reboot will trigger a linkdown trap sent from the switch to the CAM (if 
linkdown traps are set up on the switch and configured on the CAM via the Port profile). Thereafter, the 
client port behavior depends on the Port profile settings for that specific port. 
Whether the SNMP Receiver is configured for mac-notification or Linkup, the CAM uses the linkdown 
trap to remove users. For example, the linkdown trap is used if:
  • An OOB online user is removed and the Port Profile is configured with the option “Remove 
    out-of-band online user when SNMP linkdown trap is received.” 
  • Port Security is enabled on the switch.
Note
The port VLAN setting is not changed upon Linkdown. As a result, the port remains in the same state 
left by the last machine connected to the port. 
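
The linkdown behavior described above can be modeled to audit for leftover port state. The following is an added example, not code from Cisco or from this guide: it applies linkdown traps to a constructed port inventory and reports ports that are down but still hold an online user or the last client's VLAN. The `Port` class, the function names, the `AUTH_VLAN` value and the finding labels are assumptions made for illustration, and only the Port Profile option is modeled.

```python
from dataclasses import dataclass
from typing import Optional

AUTH_VLAN = 10  # assumption: constructed VLAN ID for unauthenticated clients

@dataclass
class Port:
    name: str
    vlan: int
    remove_on_linkdown: bool          # Port Profile option quoted above
    link_up: bool = True
    online_mac: Optional[str] = None  # OOB online user seen on this port

def on_linkdown(port: Port) -> None:
    """Apply a linkdown trap the way this section describes it."""
    port.link_up = False
    if port.remove_on_linkdown:
        port.online_mac = None        # user is removed from the online list
    # port.vlan is deliberately left alone: the note above states that the
    # port VLAN setting is not changed upon linkdown.

def audit(ports):
    """Return (port name, finding) pairs for down ports holding stale state."""
    findings = []
    for p in ports:
        if p.link_up:
            continue
        if p.online_mac is not None:
            findings.append((p.name, "stale-online-user"))
        if p.vlan != AUTH_VLAN:
            findings.append((p.name, "stale-vlan"))
    return findings

def demo():
    # Constructed inventory: two authenticated clients and one idle port.
    ports = [
        Port("Fa0/1", vlan=20, remove_on_linkdown=True, online_mac="00:11:22:33:44:55"),
        Port("Fa0/2", vlan=20, remove_on_linkdown=False, online_mac="00:11:22:33:44:66"),
        Port("Fa0/3", vlan=AUTH_VLAN, remove_on_linkdown=True, link_up=False),
    ]
    on_linkdown(ports[0])
    on_linkdown(ports[1])
    return audit(ports)

if __name__ == "__main__":
    for name, finding in demo():
        print(name, finding)
```
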
Port Security 
If the switch additionally supports Port Security, the Port Security option will also appear on the 
Advanced Page. When using Linkup notification, the Port Security feature can provide 
additional security by causing the port to only allow one MAC address when a user authenticates. So 
even if the port is connected to a hub, only the first MAC that is authenticated is allowed to send traffic. 
Note that availability of the Port Security feature is dependent on the switch model and OS being used.