NAC 3310 CAM and 3750 switch

Unanswered Question
Jun 24th, 2008

Hello,


I have an OOB virtual gateway implementation with managed 3750 and 2950 switches.


My problem is the VLAN on the 3750 ports doesn't change according to access VLAN assignment when a computer (laptop) is plugged in.


And looking at the CAM event logs, I saw this message:


SW_Management  2008-06-23 16:59:16  SNMP trap event is received from switch [172.18.254.7] which is NOT in our database.


FYI, I have no problem with my 2950 switch.


Was wondering if any of you had experienced this issue and how you resolved it?


I have the latest CAM/CAS version at 4.1.3.1. Also, my 3750 IOS version is at 12.2(25)SEE4.


Please help...Thanks in advance.


amritpatek Tue, 07/01/2008 - 11:01

Administrators must use the following procedure for correct configuration of a Virtual Gateway Central Deployment. Steps are as per below.

Step 1 Before you connect both interfaces of the CAS to the switch, physically disconnect the eth1 interface.

Step 2 Physically connect the eth0 interface of the CAS to the network.

Step 3 Add the CAS to the CAM in the CAM web console under Device Management > CCA Servers > New Server

Step 4 Manage the CAS by accessing the CAS management pages, via Device Management > CCA Servers > Manage [CAS_IP]

Step 5 Configure VLAN mapping. This is a mandatory step for a Central Deployment where both interfaces of the CAS connect to the same switch. (Note that you can configure VLAN mapping in Edge Deployments with no adverse effect, but you are not required to do so.)

a. Make sure you check the "Enable VLAN Mapping" checkbox and click Update.

b. Make sure to set the Untrusted VLAN-to-Trusted VLAN mapping under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping.



For further details, follow the URL:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cas/s_instal.html


ernesto.chu Wed, 07/02/2008 - 08:07

Thank you for the reply. Was able to resolve this issue through TAC. The problem was that the IP address I used to manage the switch from the CAM was not the same one used by the switch to connect back to the CAM.


Long story short, I re-added using the IP address of the switch (3750) that it uses to communicate back to CAM and it fixed it.


Looking at it, it kinda makes sense as I have several SVIs on this 3750 with 'ip routing' enabled.
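
The mismatch described in this thread can be spotted from the CAM event log itself. The following is an added example, not part of the original posts and not Cisco code: it extracts the source address from each "NOT in our database" event and checks whether that address belongs to a switch that is registered under a different IP. The inventory structure, switch names and all addresses other than 172.18.254.7 are assumptions constructed for the example.

```python
import ipaddress
import re

# Matches the CAM event text quoted in the thread.
TRAP_RE = re.compile(
    r"SNMP trap event is received from switch \[(?P<ip>[0-9.]+)\] "
    r"which is NOT in our database"
)

def unknown_trap_sources(log_lines):
    """Return the distinct source IPs of rejected traps, in order first seen."""
    seen = []
    for line in log_lines:
        m = TRAP_RE.search(line)
        if m:
            ip = ipaddress.ip_address(m.group("ip"))
            if ip not in seen:
                seen.append(ip)
    return seen

def explain_mismatches(log_lines, inventory):
    """Return (trap_source, owning_switch or None, CAM-registered IP or None).

    inventory (hypothetical format):
        {name: {"managed_ip": str, "interface_ips": [str, ...]}}
    """
    owner = {}
    for name, sw in inventory.items():
        for addr in sw["interface_ips"]:
            owner[ipaddress.ip_address(addr)] = name
    findings = []
    for src in unknown_trap_sources(log_lines):
        name = owner.get(src)
        managed = inventory[name]["managed_ip"] if name else None
        findings.append((str(src), name, managed))
    return findings

# Constructed sample data: the first line reuses the message from the thread,
# everything else (second event, names, inventory addresses) is made up.
SAMPLE_LOG = [
    "SW_Management 2008-06-23 16:59:16 SNMP trap event is received from switch [172.18.254.7] which is NOT in our database.",
    "SW_Management 2008-06-23 17:01:02 SNMP trap event is received from switch [192.0.2.50] which is NOT in our database.",
]
SAMPLE_INVENTORY = {
    "sw3750": {"managed_ip": "10.10.1.1", "interface_ips": ["10.10.1.1", "172.18.254.7"]},
    "sw2950": {"managed_ip": "10.10.2.1", "interface_ips": ["10.10.2.1"]},
}

if __name__ == "__main__":
    for src, name, managed in explain_mismatches(SAMPLE_LOG, SAMPLE_INVENTORY):
        print(src, "->", name or "no known switch", "| CAM entry:", managed)
```

A source that maps to a known switch points to the addressing mismatch from this thread; a source that maps to no switch in the inventory is a trap sender that should be identified before it is added to the CAM.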
