NAC 4.7.2 OOB SNMP issues

Unanswered Question
Jul 15th, 2010

Hello,

I am setting up a NAC CAM and CAS 4.7.2 OOB setup in a test environment (NAC failover for CAM and CAS), and I am seeing some strange SNMP issues. I am testing with a 3750 switch (12.2(53)SE1) using SNMP v2 and v3 since v3 and accessing the switch port configuration in the NAC manager is extremely slow. I click OOB Management -> devices -> switch XXX and it takes several minutes for the port listing to display. Then sometimes it comes up quickly but a 'show debug snmp' on the switch shows that it isn't polling the switch so it apparently starts pulling the ports page from cache, but I can see no logic in how it does this.

Q1) When and why does the ports page pull cached info?

Q2) Why are SNMP queries operating so slowly with NAC 4.7.2 OOB?

Here is my test switch/NAC SNMP config (with pseudo names and fake passwords):

-----------------

snmp-server community switch_read ro   (matches OOB Management -> Profiles -> Device -> SNMP Read v2 settings)

snmp-server view v1default iso included

snmp-server user switch_write switch_group v3 auth md5 <my-password>  (matches OOB Management -> Profiles -> Device -> SNMP Write v3 settings)

snmp-server group switch_group v3 auth read v1default write v1default

snmp-server user cam_notify cam_group v3 auth md5 <my-password>

snmp-server host 10.200.11.100 traps version 3 auth cam_notify mac-notification snmp  (matches OOB Management ->  Profiles -> SNMP Receiver v3 settings)

snmp-server group cam_group v3 auth read v1default write v1default notify v1default

-----------------
What is wrong with my setup?  Any help is appreciated.
Faisal Sehbai Mon, 07/19/2010 - 06:26

Hi,

CCA currently supports only writes with V3. Reads and Traps still have to be V2 or 1. Can you tweak your settings to be those and try?

Faisal
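
Added example (not part of the original posts and not Cisco code): a small Python check that sorts a switch's `snmp-server` lines by role and flags the ones that conflict with the rule stated in the reply above (v3 for writes only; reads and traps on v1 or v2c). The sample input is the configuration from the question with the parenthetical notes removed; the function names are hypothetical.

```python
import re

# Constructed input: the SNMP lines from the question, parenthetical notes removed.
SAMPLE_CONFIG = """\
snmp-server community switch_read ro
snmp-server view v1default iso included
snmp-server user switch_write switch_group v3 auth md5 <my-password>
snmp-server group switch_group v3 auth read v1default write v1default
snmp-server user cam_notify cam_group v3 auth md5 <my-password>
snmp-server host 10.200.11.100 traps version 3 auth cam_notify mac-notification snmp
snmp-server group cam_group v3 auth read v1default write v1default notify v1default
"""

HOST = re.compile(r"snmp-server host (\S+)(?: (?:traps|informs))?(?: version (\S+))?")
COMMUNITY = re.compile(r"snmp-server community (\S+)(?:.*\b(ro|rw)\b)?", re.I)
V3_GROUP = re.compile(r"snmp-server group (\S+) v3 \S+(.*)")


def classify(config):
    """Sort snmp-server lines by the role they play for the CAM."""
    roles = {"trap_hosts": [], "communities": [], "v3_write_groups": []}
    for raw in config.splitlines():
        line = raw.strip()
        if m := HOST.match(line):
            # IOS sends SNMPv1 notifications when no version keyword is given.
            roles["trap_hosts"].append((m.group(1), m.group(2) or "1"))
        elif m := COMMUNITY.match(line):
            # A community with no access keyword defaults to read-only.
            roles["communities"].append((m.group(1), (m.group(2) or "ro").lower()))
        elif (m := V3_GROUP.match(line)) and " write " in m.group(2) + " ":
            roles["v3_write_groups"].append(m.group(1))
    return roles


def audit(config):
    """Findings against the reply's rule: v3 writes only, v1/v2c reads and traps."""
    roles = classify(config)
    findings = [f"trap receiver {host}: version {ver}, expected 1 or 2c"
                for host, ver in roles["trap_hosts"] if ver == "3"]
    if not roles["communities"]:
        findings.append("no v1/v2c community configured for CAM reads")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
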

benjamin.hutchins Thu, 07/12/2012 - 08:14

Did anyone ever find a solution to this issue? I'm having the same problem.... it takes minutes to open the ports on a switch in the CAM. It shouldn't take minutes to manage ports for each switch, it should take less than 10 seconds...
