Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
925
Views
0
Helpful
5
Replies

Firewall Ports Required for NAC manager to manage/add Cisco switch

Go to solution
CSCO10675262_2
Level 1
Level 1

‎10-15-2010 11:05 AM - edited ‎02-21-2020 04:07 AM

Hi,

I am trying to add cisco switches to the NAM, however i am not able to add the switch as I am getting the error "unable to control switch" I have tried to open ports 161-162 on the firwall; if i was to allow any traffic between the NAM and switch, the cisco NAM is able to add/manage the switch.

Not sure what other ports may be required for cisco NAM to manage the switch?

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tiago Antunes
Cisco Employee
Cisco Employee

‎10-16-2010 01:10 AM

Hi,

AFAIK, only the UDP ports 161-162 for the SNMP communication need to be open.

Please make sure you have configured the correct port on the switch:

(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp

If still not working i would check the logs on the firewall for any blocked traffic between the CAM and the switch.

HTH,

Tiago

--

If  this helps you and/or  answers your question please mark the question  as "answered" and/or rate  it, so other users can easily find it.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
jan.nielsen
Level 7
Level 7

‎10-15-2010 12:49 PM

ssh needs to be open i think, and remember that snmp is udp based.

0 Helpful

Go to solution
CSCO10675262_2
Level 1
Level 1
In response to jan.nielsen

‎10-15-2010 02:25 PM

Hi jan,

Thanks for the update; yes the ports opened for snmp were udp 161-162. Is ssh port required for nam to manage the switch? I thought it was meant for cli access to the appliance?

Thanks.

0 Helpful

Go to solution
Tiago Antunes
Cisco Employee
Cisco Employee

‎10-16-2010 01:10 AM

Hi,

AFAIK, only the UDP ports 161-162 for the SNMP communication need to be open.

Please make sure you have configured the correct port on the switch:

(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp

If still not working i would check the logs on the firewall for any blocked traffic between the CAM and the switch.

HTH,

Tiago

--

If  this helps you and/or  answers your question please mark the question  as "answered" and/or rate  it, so other users can easily find it.

0 Helpful

Go to solution
CSCO10675262_2
Level 1
Level 1
In response to Tiago Antunes

‎10-17-2010 09:07 PM

Hi Taigo,

Thanks for the update. I will give it a try to specify the port to be used in the snmp-server host(I thought the default port is 162). My current config used would be as follows:

snmp-server enable traps mac-notification change moved threshold

snmp-server enable traps snmp linkup linkdown

snmp-server host 172.16.1.61 version 2c cam_v2

I will provide an update on the updated configuration changes as suggested.

Thanks.

0 Helpful

Go to solution
CSCO10675262_2
Level 1
Level 1
In response to Tiago Antunes

‎10-19-2010 08:29 AM

Hi Tiago,

Thanks for the information. Turns out it was due to the rules.

Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card