Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 4 Switch Management: Configuring Out-of-Band (OOB) Deployment
OOB Troubleshooting
OOB Troubleshooting
•
•
•
OOB Switch Trunk Ports After Upgrade
Because Cisco NAC Appliance can control switch trunk ports for OOB (starting from release 3.6(1) and
above), uplink ports for managed switches need configured as “uncontrolled” ports either before or after
upgrade (see “Settings That May Change With Upgrade” in the Release Notes for Cisco NAC Appliance
(Cisco Clean Access), Version 4.1(0) at
http://www.cisco.com/en/US/products/ps6128/prod_release_note09186a008070866a.html#wp42679).
This can be done in one of two ways:
above), uplink ports for managed switches need configured as “uncontrolled” ports either before or after
upgrade (see “Settings That May Change With Upgrade” in the Release Notes for Cisco NAC Appliance
(Cisco Clean Access), Version 4.1(0) at
http://www.cisco.com/en/US/products/ps6128/prod_release_note09186a008070866a.html#wp42679).
This can be done in one of two ways:
•
Before upgrading, change the Default Port Profile for the entire switch to “uncontrolled” under
Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile |
uncontrolled, or
Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile |
uncontrolled, or
•
After upgrading, change the Profile to “uncontrolled” for the applicable uplink ports of the switch
under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile
under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile
This will prevent unnecessary issues when the Default Port Profile for the switch has been configured as
a managed/controlled port profile
a managed/controlled port profile
If for some reason the above steps are omitted and the switch becomes disconnected, use the following
procedure:
procedure:
1.
Delete the switch from the List of Switches in the CAM (under Switch Management > Devices >
Switches > List).
Switches > List).
2.
Configure the switch using its CLI to reverse the changes made to the uplink port by the CAM (trunk
native vlan and mac-notification), for example:
native vlan and mac-notification), for example:
(config-if)# switchport trunk native vlan xxx
(config-if)# no snmp trap mac-notification added
3.
Add the switch back to the CAM (under Switch Management > Devices > Switches > New or
Search), applying “uncontrolled” as the Default Port Profile.
Search), applying “uncontrolled” as the Default Port Profile.
4.
Specifically assign the “uncontrolled” port Profile to the uplink port and other uncontrolled ports
(under Switch Management > Devices > Switches [x.x.x.x] > Ports).
(under Switch Management > Devices > Switches [x.x.x.x] > Ports).
5.
Reset the Default Port Profile for the switch (under Switch Management > Devices > Switches
[x.x.x.x] > Config).
[x.x.x.x] > Config).
Initialize the switch ports (under Switch Management > Devices > Switches [x.x.x.x] > Ports).
Unable to Control <Switch IP>
If the error message Unable to control “<Switch_IP>” displays on the console when attempting to add
a switch under Switch Management > Devices > Switches > New:
a switch under Switch Management > Devices > Switches > New:
•
Make sure the switch profile matches the switch type. For example, if switch is a 3750, but you
specified it as a 2950 in the switch profile, the CAM will fail when it tries to add the 3750 using
2950 profile. Changing the profile to 3750 will resolve this issue.
specified it as a 2950 in the switch profile, the CAM will fail when it tries to add the 3750 using
2950 profile. Changing the profile to 3750 will resolve this issue.