Just had it confirmed by Cisco Tac. The 12.2(50) version of code is the oldest which they say will work.
This is from the Release Notes of NAC 4.7 and seems to explain it:
Open Caveats NAC
CSCsr95757
No
CAM intermittently stops processing SNMP MAC notification traps from the switch.
This issue can occur on different edge switches. Once the problem is present, no further SNMP MAC notification traps are processed from the CAM for the switch in question.
Note: There is no perfigo-log0.log.0 information, but a tcpdump from a CAM CLI session indicates that the CAM is receiving SNMP MAC notification traps.
Workaround: To re-establish correct SNMP trap handling on the CAM, open a CAM CLI session and enter the following commands:
service perfigo stop
service perfigo start
The CAM immediately starts processing the SNMP MAC notification traps from the problem switch(es).
Note: After a period of time, however, this problem may appear again.
FYI, the workaround didn't help in version 12.2(46) code on a 4506.
Here is the bug information from CCO:
CSCsr84693 Bug Details
Incomplete MAC notification SNMP trap on 4500s
Symptom:
Incomplete MAC notification trap is seen in 12.2(46)SG. The trap is missing some
fields
4: Mon 08/04/08 20:30:54
sysUpTimeInstance = 0d 0:04:10.83
snmpTrapOID.0 = CISCO-MAC-NOTIFICATION-MIB!cmnMacChangedNotification
cmnHistMacChangedMsg.3 = 02
cmnHistTimestamp.3 = 0d 0:04:10.83
A complete traps looks like the following:
sysUpTimeInstance = 0d 0:07:14.16
snmpTrapOID.0 = CISCO-MAC-NOTIFICATION-MIB!cmnMacChangedNotification
cmnHistMacChangedMsg.2 = 01:00:01:00:11:00:22:00:33:00:47:00
cmnHistTimestamp.2 = 0d 0:07:14.16
Thus, in cmnHistMacChangedMsg attribute, the following fields are missing:
MAC Address
Dot1dBasePort
Conditions:
This problem is seen whenever a Mac notification trap is sent.
Workaround:
Use CLI "sh mac-add not change" in 12.2(46)SG.
Use a different software release; eg., 12.2(44)SG
Hope this helps.
