AAA, NAC, Guest Access & BYOD

How do I use MAC notification traps on a Cisco switch? 

Jun 30, 2014 09:13 PM

Product and Software: This article applies to all ECS product and software versions.

This solution describes using MAC notification traps on a Cisco switch.

Because the NAC appliance is often responsible for a large number of devices, some with a large number of ports, polling every time a linkUp or linkDown trap is received can cause performance degradation.

Using the Cisco MAC notification traps instead of the standard linkUp and linkDown traps can increase performance. Once implemented, the NAC appliance will not have to read the forwarding tables of the Cisco switches each time a client plugs in or disconnects from the network. This is because the MAC notification traps contain MAC and connection data embedded in the traps.
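To show what a trap receiver such as the NAC appliance learns from one of these traps without touching the switch's forwarding table, here is an added Python decoder for the cmnHistMacChangedMsg varbind; it is not part of the original article or of any vendor product. The 11-byte record layout (operation, VLAN, MAC, dot1dBasePort) is assumed from CISCO-MAC-NOTIFICATION-MIB, and the sample bytes are constructed.

```python
import struct
from dataclasses import dataclass

# Operation codes as described for cmnHistMacChangedMsg in
# CISCO-MAC-NOTIFICATION-MIB (assumption: 1 = MAC learnt, 2 = MAC removed).
OP_NAMES = {1: "added", 2: "removed"}
RECORD_LEN = 11  # 1 op + 2 vlan + 6 mac + 2 dot1dBasePort


@dataclass(frozen=True)
class MacChange:
    operation: str
    vlan: int
    mac: str
    port: int  # dot1dBasePort index; the receiver maps it to an ifIndex/port name


def parse_mac_changed_msg(payload: bytes) -> list:
    """Decode the octet string carried in a cmnMacChangedNotification trap
    into a list of MAC add/remove events. Raises ValueError on malformed input."""
    if not payload or len(payload) % RECORD_LEN != 0:
        raise ValueError(f"payload length {len(payload)} is not a multiple of {RECORD_LEN}")
    events = []
    for off in range(0, len(payload), RECORD_LEN):
        op, vlan, mac, port = struct.unpack("!BH6sH", payload[off:off + RECORD_LEN])
        if op not in OP_NAMES:
            raise ValueError(f"unknown operation code {op} at offset {off}")
        events.append(MacChange(OP_NAMES[op], vlan, mac.hex(":"), port))
    return events


def apply_events(table: dict, events) -> dict:
    """Maintain a (mac, vlan) -> port view purely from trap events, i.e. with
    no forwarding-table poll; returns the updated table."""
    for ev in events:
        key = (ev.mac, ev.vlan)
        if ev.operation == "added":
            table[key] = ev.port
        else:
            table.pop(key, None)
    return table


# Constructed sample: one MAC learnt on VLAN 10, port 5, then the same MAC removed.
SAMPLE_MSG = (
    b"\x01" + (10).to_bytes(2, "big") + bytes.fromhex("001122334455") + (5).to_bytes(2, "big")
    + b"\x02" + (10).to_bytes(2, "big") + bytes.fromhex("001122334455") + (5).to_bytes(2, "big")
)

if __name__ == "__main__":
    for ev in parse_mac_changed_msg(SAMPLE_MSG):
        print(ev)
```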

Applicable environments include any that use Cisco switches and where one of the following network conditions holds:
  • Connection and disconnection on the network does not generate linkUp or linkDown traps, or
  • The number of ports on a switch is large enough to warrant the change
For example, in VoIP deployments clients connect to the network behind IP phones, access points, or hubs, so the switch port itself stays up and no linkUp or linkDown trap is generated when a client joins or leaves.

The solution is to configure each port to generate MAC notification traps when a MAC address is added to or removed from the switch's address table. This is done through the Cisco switch CLI.

The coldStart and warmStart traps are not affected by this configuration change.

  • Ensure that the Cisco switch is modeled and configured in the Topology view of the NAC appliance.
  • Ensure that the switch is configured with eth0 on the NAC server (the control server on an application/control server pair) as the destination for trap information (trap receiver). For further information, refer to the Cisco documentation for your switch to see how to configure the switch. You may also find this document useful: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_1/config/snmp.pdf

The process for implementing traps includes:

1) Set up MAC Notification traps directly on the Cisco device through the device CLI.

2) Remove the linkUp and linkDown traps.

3) Test the setup.

Setting Traps on the Cisco Switch

1) Log into the Cisco switch.

2) Enter "enable" mode.

3) Run the following global commands:

configure terminal
mac-address-table notification
snmp-server enable traps MAC-Notification

4) Run the following interface commands on each interface (or range of interfaces)
that will be enabled for MAC notification.

Example of an interface setup:

interface FastEthernet0/5
snmp trap mac-notification added
snmp trap mac-notification removed

Example of an interface range setup (ports 1 - 23):

interface range fastEthernet 0/1-23
snmp trap mac-notification added
snmp trap mac-notification removed

5) Remove the linkUp and linkDown traps:

no snmp-server enable traps snmp linkup
no snmp-server enable traps snmp linkdown

6) When setup is complete, save the configuration:

write memory

Testing the Setup

1) Connect a new client to a newly configured port on a Cisco switch that is managed by the NAC appliance.

2) Ensure that the Topology view updates accordingly.
