Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2307
Views
8
Helpful
4
Replies

SNMP V3 AuthPriv configuration for NAC

luciano.carvalho
Level 1
Level 1

‎11-22-2010 09:28 AM - edited ‎02-21-2020 04:09 AM

Hi Guys,

I'm trying to configure SNMP V3 authpriv on a switch 2960 (12.2.53) to send mac notifications to a NAC Access Manager. But when "priv" is enabled on NAM, and a host is connected to a controlled OOB port, NAM does not change the port vlan to the configured authentication vlan as expected.

If I configure just the authentication on NAM, leaving PRIV as "No Priv"   everything works fine.

Any idea ?

Best Regards

Switch SNMP Config:

snmp-server community c2950_read RO

snmp-server view v1default iso included

snmp-server enable traps mac-notification

snmp-server enable traps snmp linkup linkdown

mac address-table aging-time 3600

snmp-server user cam_user cam_group v3 auth sha cam_auth priv des cam_priv

snmp-server host 1.1.1.1 traps version 3 auth cam_user udp-port 162 mac-notification snmp

snmp-server group cam_group v3 auth read v1default write v1default notify v1default

NAM Snmp Profile

Security Method (Auth/Priv)

User Name 

User Auth 

User Priv     

0 Helpful
4 Replies 4

Tiago Antunes
Cisco Employee
Cisco Employee

‎11-23-2010 02:56 AM

Hi,

What is the CCA version you are running?

Worth to check if you are hittingDDTS CSCsv84296: "SNMPv3 traps from switch, is not interpreted by CAM if authpriv is used".

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

luciano.carvalho
Level 1
Level 1
In response to Tiago Antunes

‎11-23-2010 04:25 AM

Hi Tiago,

Thanks for your answer. I'm running CAM 4.8.0.  On release notes for  CAM 4.5 and 4.7, the bug  CSCsv84296 is listed as corrected, but I think that the same problem could be hapenning on CAM 4.8.  I'll try to find more information. Thanks a lot for now.

0 Helpful

Eduardo Aliaga
Level 4
Level 4
In response to luciano.carvalho

‎11-24-2010 07:31 PM

It could be an IOS problem.

We're using NAC 4.8 and 3560 switches with IOS 12.2.50(SE5). We've configured SNMPv3 with SHA and 3DES without problems. Maybe you should try with that IOS version

luciano.carvalho
Level 1
Level 1
In response to Eduardo Aliaga

‎11-25-2010 02:50 AM

Hi Eduardo,

Could you please post the SNMP configuration you are using on the switch ?

I'm goingo to download the ios version you are using to test.

Best regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card