NAC managing trunk port

Brian O'Flynn · ‎09-02-2011

Hi,

Seen a strange problem recently and I can't see what is causing it. Running Cisco NAC 4.1.6 OOB on the LAN. For some reason in the middle of the night, the snmp trap mac-notification added command appeared on the trunk uplink port of one of our switches.

I don't know exactly when the command was added but at 2am when the backup of the config was taken, it was there. At around 4:30am, the uplink went off-line.

Is there anything within NAC that would push a change like that automatically to a switch. We do have NAC Profiler running on the network also.

The problem was in a branch office so I only got the information second hand what was on the switch itself. We moved the uplink to a different port which allowed the switch to show up on the CAM again, however when I viewed it, the uplink port was set to controlled!

Does this make any sense?

Also, as an aside, does anyone know how long devices will stay in the certified device list if no timer is configured to clear it out?

Cheers

Brian

Tarik Admani · ‎09-02-2011

Brian,

Do you have this command enabled on your switch:

snmp-server ifindex persist

If you look at the port configurations do they look skewed?

Thanks,
Tarik

Brian O'Flynn · ‎09-02-2011

Hi Tarik,

Thanks for the reply. I don't have that command configured and do see the interfaces skewed on the CAM but only from after port 12. Up until that, they match up ok and it is Port 1 that had the problem.

Cheers

Brian