
New Member

Firewall Ports Required for NAC manager to manage/add Cisco switch

Hi,

I am trying to add Cisco switches to the NAM; however, I am not able to add the switch, as I am getting the error "unable to control switch". I have tried to open ports 161-162 on the firewall; if I was to allow any traffic between the NAM and switch, the Cisco NAM is able to add/manage the switch.

Not sure what other ports may be required for the Cisco NAM to manage the switch?

Thanks.

Accepted Solutions
Cisco Employee

Re: Firewall Ports Required for NAC manager to manage/add Cisco

Hi,

AFAIK, only the UDP ports 161-162 for the SNMP communication need to be open.

Please make sure you have configured the correct port on the switch:

(config)# snmp-server host 172.16.1.61 traps version 2c cam_v2 udp-port 162 mac-notification snmp

If it is still not working, I would check the logs on the firewall for any blocked traffic between the CAM and the switch.

HTH,

Tiago

--

If this helps you and/or answers your question, please mark the question as "answered" and/or rate it, so other users can easily find it.
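
The firewall-log check suggested in the accepted answer, as an added example that is not part of the original thread: it tallies denied flows between the CAM and one switch by direction, protocol and destination port. It assumes a Cisco ASA firewall logging ACL denies as %ASA-4-106023 (the thread does not name the firewall); the switch address 192.0.2.10, the ACL names and all log lines are constructed.

```python
import re
from collections import Counter

CAM = "172.16.1.61"      # trap receiver address from the thread
SWITCH = "192.0.2.10"    # constructed placeholder for the switch management IP

# Constructed sample lines in Cisco ASA %ASA-4-106023 (ACL deny) syslog format.
SAMPLE_LOG = """\
Mar 03 10:15:01 fw1 %ASA-4-106023: Deny udp src inside:172.16.1.61/40211 dst mgmt:192.0.2.10/161 by access-group "inside_in" [0x0, 0x0]
Mar 03 10:15:07 fw1 %ASA-4-106023: Deny udp src mgmt:192.0.2.10/51002 dst inside:172.16.1.61/162 by access-group "mgmt_in" [0x0, 0x0]
Mar 03 10:15:09 fw1 %ASA-4-106023: Deny udp src mgmt:192.0.2.10/51002 dst inside:172.16.1.61/162 by access-group "mgmt_in" [0x0, 0x0]
Mar 03 10:15:12 fw1 %ASA-4-106023: Deny tcp src inside:172.16.1.99/50100 dst mgmt:192.0.2.10/22 by access-group "inside_in" [0x0, 0x0]
Mar 03 10:15:20 fw1 %ASA-6-302015: Built outbound UDP connection 991 for mgmt:192.0.2.10/161 (192.0.2.10/161) to inside:172.16.1.61/40212 (172.16.1.61/40212)
"""

DENY = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

def blocked_flows(log_text, a=CAM, b=SWITCH):
    """Count denied flows between hosts a and b, keyed by
    (direction, protocol, destination port, ACL that dropped it)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY.search(line)
        if not m or {m["src"], m["dst"]} != {a, b}:
            continue  # not a deny, or not between the two hosts of interest
        direction = "CAM->switch" if m["src"] == a else "switch->CAM"
        counts[(direction, m["proto"], int(m["dport"]), m["acl"])] += 1
    return counts

if __name__ == "__main__":
    for (direction, proto, dport, acl), n in sorted(blocked_flows(SAMPLE_LOG).items()):
        print(f"{n:3d}x {direction:12s} {proto}/{dport:<5d} dropped by {acl}")
```

Splitting the result by direction matters here because SNMP polling (UDP 161) is initiated by the CAM while traps (UDP 162) are initiated by the switch, so each needs its own permit rule.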

5 REPLIES

Re: Firewall Ports Required for NAC manager to manage/add Cisco

SSH needs to be open, I think, and remember that SNMP is UDP-based.

New Member

Re: Firewall Ports Required for NAC manager to manage/add Cisco

Hi Jan,

Thanks for the update; yes, the ports opened for SNMP were UDP 161-162. Is the SSH port required for the NAM to manage the switch? I thought it was meant for CLI access to the appliance?

Thanks.

New Member

Re: Firewall Ports Required for NAC manager to manage/add Cisco

Hi Tiago,

Thanks for the update. I will give it a try to specify the port to be used in the snmp-server host (I thought the default port is 162). My current config used would be as follows:

snmp-server enable traps mac-notification change moved threshold

snmp-server enable traps snmp linkup linkdown

snmp-server host 172.16.1.61 version 2c cam_v2

I will provide an update on the updated configuration changes as suggested.

Thanks.

New Member

Re: Firewall Ports Required for NAC manager to manage/add Cisco

Hi Tiago,

Thanks for the information. Turns out it was due to the rules.

Thanks.
