
NAC OOB Error:Mac address of <IP Address> not found

zebula
Level 1

I am setting up a small-scale NAC environment to obtain some basic understanding. I have a 3750 switch running 12.2.(46)SE as the router switch. I am using a 3350 as a manager and a 3315 as a server. I have been able to control the switch via SNMP from the manager. I think that is working correctly because of the following action. I set a switch port on vlan x; it is set up to move the port over to vlan y when something is connected. Then after authorization it is supposed to move it over to vlan z. I have defined local users on the manager. I connect up a PC and use the web login method; when I put in the user credentials I get the OOB Error.

Any ideas on the issue?

Since the manager properly moves the switch port from vlan x to y I believe my SNMP setup is correct, but I could be wrong.


Faisal Sehbai
Level 7

Hi,

That message means that the CAM never got the trap for the client it's being asked to authenticate. Re-check your SNMP settings, particularly the host definition of the CAM on your switch and make sure the strings match.

HTH,

Faisal

Faisal,

Thanks for the feedback.

On the switch I see there are 3 locations for strings.

There is the

snmp-server community (string) RO

snmp-server community (string) RW

snmp-server host (manager address) (string)

On the manager the first 2 are defined under the device profile. The last one is defined under SNMP Receiver setup. Is that correct?

I have verified the strings are matching.

If they were not matching I do not think the switch would transition the port over from the non authorization vlan to the authorization vlan.

On the console of the switch I see that the configuration changes are being done by SNMP from the manager's IP address so I have to believe the strings are defined correctly. When I change one on either the switch or manager, they lose connectivity.

I have also tried using a 3560 and have had the same result.

In my basic setup I am not doing any scanning or anything. Just trying to have the device get moved from the authorization vlan over to an access vlan with the user being defined on the local database of the manager. Should I be able to do this?

I was looking at some of the other tabs.

Under the

device management

     clean access

          updates

They list the Supported Out-of-Band Switch OIDs. This number is zero (0).

As of right now I do not have the system set up to be able to access the internet, to obtain other switch OIDs. I am not sure I need any at this time. When I look to define a new device profile both the 3560 and 3750 are listed already. Am I correct with this assumption?
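
Added example, not part of the thread and not Cisco code: a small Python check of the three string locations listed above (`snmp-server community ... RO`, `... RW`, and `snmp-server host`) against what the manager has configured. The read/write communities and the trap receiver string are independent settings, so each is checked separately. The config text, address `192.0.2.10`, and strings are constructed sample values, and the `expected` dictionary keys are assumptions of this example.

```python
# Constructed sample: switch-side SNMP lines in the forms quoted in the thread.
# The RO/RW strings match the manager; the host (trap) string has a typo.
SAMPLE_CONFIG = """\
snmp-server community nac-ro RO
snmp-server community nac-rw RW
snmp-server host 192.0.2.10 traps version 2c nac-trapp
"""

def parse_snmp(config):
    """Return ({'RO'/'RW': string}, {host: trap string}) from switch config text."""
    communities, hosts = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "snmp-server":
            continue
        if tok[1] == "community" and tok[3].upper() in ("RO", "RW"):
            communities[tok[3].upper()] = tok[2]
        elif tok[1] == "host":
            rest, i = tok[3:], 0
            # Skip the optional keywords IOS allows before the string.
            if rest[i] == "vrf":
                i += 2
            if i < len(rest) and rest[i] in ("traps", "informs"):
                i += 1
            if i < len(rest) and rest[i] == "version":
                i += 3 if rest[i + 1:i + 2] == ["3"] else 2
            if i < len(rest):
                hosts[tok[2]] = rest[i]
    return communities, hosts

def check(config, cam_ip, expected):
    """Compare switch config with the manager's values (keys RO, RW, TRAP).

    Returns a list of findings; the strings themselves are never echoed.
    """
    communities, hosts = parse_snmp(config)
    findings = []
    for mode in ("RO", "RW"):
        if communities.get(mode) != expected[mode]:
            findings.append(f"{mode} community missing or does not match")
    if cam_ip not in hosts:
        findings.append(f"no snmp-server host entry for {cam_ip}")
    elif hosts[cam_ip] != expected["TRAP"]:
        findings.append(f"trap string on snmp-server host {cam_ip} does not match")
    return findings

if __name__ == "__main__":
    manager = {"RO": "nac-ro", "RW": "nac-rw", "TRAP": "nac-trap"}
    print(check(SAMPLE_CONFIG, "192.0.2.10", manager))
```
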

Faisal,

All of my previous testing was being done with the WEB login. All logins were unsuccessful.

I just finished setting up and using the AGENT login and that is successful.

Does that help indicate where my issue with the WEB login might be?

Since the AGENT works I am assuming I have the SNMP setup correct.

I will need to support both the WEB and AGENT login.

Any help would be appreciated.

Hi,

Having the CAM update is a good idea since we get all the OIDs and SNMP MIBs of the various devices we list as supported through this mechanism.

As to why the web login won't work and the agent one does, I'm not too sure. Are you defining separate login pages for separate VLANs?

Also what code is your switch running where you have the clients connecting?

Faisal

Faisal,

I am running 12.2(46)SE advanced enterprise code. I tried it using a 3750 and a 3560. Both had the same results.

The web and agent clients are logging in from the same vlan.

I do not think I have defined separate login pages.

At this time, this is just a test setup to work out the basics of the configuration.

Hi,

Can you enable either the web agent or the JAVA applet in the login pages and try again?

Thanks

Faisal

Faisal,

I moved my test setup over to my production switches and the web login works. Not sure why. I went from one model of a 3750 to another. Both running the same code.

Thanks for the assistance.
