Cisco NAC Appliance Switch and Wireless LAN Controller Support


Table of Contents

Cisco NAC Appliance Switch and Wireless LAN Controller Support

Switch Support Overview

Cisco NAC Appliance Switch Support Matrixes

Known Issues with Switches/WLCs

Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment

Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment

Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs) and DHCP

Troubleshooting

Preventing Loops on Central Switch for VGW/Central Deployments

OOB Switch Trunk Ports and Upgrade

Switch OID Support

NAC Appliance Device Support

MAC-Move Notification Support

Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)

Switch Support Overview

For all switch models/NMEs, Cisco recommends checking for limitations and verifying support for MAC notification and/or linkup-linkdown SNMP traps for the switch OS version you intend to use. See Known Issues with Switches/WLCs for further details.

Administrators update switch and Wireless LAN Controller (WLC) support object IDs (OIDs) using the update function in the CAM Device Management > Clean Access > Updates web console page. For example, if a new model of a supported switch family is released, Cisco NAC Appliance administrators only need to retrieve an update to ensure the latest support for switch OIDs. (That is, you are not required to upgrade the CAM/CAS software image itself.) The update switch OID feature only applies to existing models. If a new switch series is introduced, administrators will still need to upgrade to ensure OOB support for the new switches. Refer to the “Switch Management” (OOB) chapter of the Cisco NAC Appliance - Clean Access Manager Configuration Guide for details.

For In-Band (IB) Deployments

Cisco NAC Appliance is agnostic to switch/router platforms and versions. IB deployments can be Layer 2 (L2) or Layer 3 (L3):

  • For L2 deployments, user MAC/IP addresses need to be visible to the CAS
  • For L3 deployments (i.e. where the CAS can be one or more hops away from the user), the CAS differentiates users by IP address

For Out-of-Band (OOB) Deployments

With Cisco NAC Appliance Out-of-Band deployment, the CAS is inline with user traffic only during the process of authentication, assessment and remediation. Following that, user traffic does not pass through the CAS. In an OOB deployment, the Clean Access Manager (CAM) uses SNMP to control switches and set VLAN assignments for ports. When the CAM/CAS are set up for OOB, the CAM can control the switch ports of supported switches/NMEs with the corresponding minimum IOS/CatOS versions listed in the collection of switch family support tables in Cisco NAC Appliance Switch Support Matrixes.

Cisco NAC Appliance Switch Support Matrixes

The following tables include all Cisco switch models supported with Cisco NAC Appliance for both In-Band and Out-of-Band deployments:

 

Table 1 Supported Cisco Catalyst 2900 XL Switches [1]

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 2908XL | Cisco Catalyst 2908XL switch with 8 10/100BaseTX ports [2] | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.170 |
| 2916M-XL | Cisco Catalyst 2916M-XL switch with 16 10/100BaseTX ports and 2 uplink slots | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.171 |
| 2924C-XL | Cisco Catalyst 2924C-XL switch w/o port-based VLANs | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.184 |
| 2924C-XL | Cisco Catalyst 2924C-XL switch with 22 10BaseT/100BaseTX and 2 100BaseFX autosensing switch ports; supports port-based VLANs | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.218 |
| 2924M-XL | Cisco Catalyst 2924M-XL switch with 24 autosensing 10/100BaseTX ports and 2 uplink slots | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.220 |
| 2924XL | Cisco Catalyst 2924XL switch with 24 10/100BaseTX ports w/o port-based VLANs | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.183 |
| 2924XL | Cisco Catalyst 2924XL switch with 24 10BaseT/100BaseTX autosensing switch ports; supports port-based VLANs | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.217 |
| WS-C2912-LRE-XL | Cisco Catalyst 2912XL switch (WS-C2912-LRE-XL) with 12 10BaseS VDSL ports and 4 10/100BaseTX ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.370 |
| WS-C2918-24TC | Cisco Catalyst 2918 (WS-C2918-24TC) 24 10/100 ports + 2 dual purpose Gigabit Ethernet ports fixed configuration L2 Ethernet switch | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.966 |
| 2912MF-XL | Cisco Catalyst 2912MF-XL switch with 12 100BaseFX ports and 2 uplink slots | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.221 |
| 2912XL | Cisco Catalyst 2912XL switch with 12 autosensing 10/100BaseTX ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.219 |
| WS-C2918-24TT | Cisco Catalyst 2918 (WS-C2918-24TT) 24 10/100 ports + 2 10/100/1000 ports fixed configuration L2 Ethernet switch | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.965 |
| WS-C2918-48TC | Cisco Catalyst 2918 (WS-C2918-48TC) 48 10/100 ports + 2 dual purpose Gigabit Ethernet ports fixed configuration L2 Ethernet switch | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.968 |
| WS-C2918-48TT | Cisco Catalyst 2918 (WS-C2918-48TT) 48 10/100 ports + 2 10/100/1000 Ethernet ports fixed configuration L2 Ethernet switch | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.967 |
| WS-C2924-LRE-XL | Cisco Catalyst 2924XL switch (WS-C2924-LRE-XL) with 24 10BaseS VDSL ports and 4 10/100BaseTX ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.369 |

1. Cisco NAC Appliance supports Cisco Catalyst 2900 XL and 3500 XL only until the product (switch) end of support. For details, refer to http://www.cisco.com/en/US/products/hw/switches/prod_category_end_of_life.html.

2. 2900 XL and 3500 XL do not support SNMP V3.

 

Table 2 Supported Cisco Catalyst 2940 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 2940-8TF | Cisco Catalyst 2940 L2 switch with 8 10/100 copper ports, 1 100 FX Uplink port and 1 Gigabit SFP Module slot | 3.5(4) | Cisco IOS Software Release 12.1(6)EA3 | 1.3.6.1.4.1.9.1.542 |
| 2940-8TT | Cisco Catalyst 2940 L2 switch with 8 10/100 copper ports and 1 10/100/1000 copper uplink port [3] | 3.5(4) | Cisco IOS Software Release 12.1(6)EA2 | 1.3.6.1.4.1.9.1.540 |

3. Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

 

Table 3 Supported Cisco Catalyst 2950 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C2950-12 [4], [5] | Cisco Catalyst c2950 switch with 12 10/100 BaseTX ports (WS-C2950-12) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.323 |
| WS-C2950-24 | Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports (WS-C2950-24) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.324 |
| WS-C2950-24SX | Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports and 2 fixed 1000Base Multimode fiber (SX) ports (WS-C2950-24SX) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.480 |
| WS-C2950C-24 | Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports and 2 100 BASE-FX uplink ports (WS-C2950C-24) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.325 |
| WS-C2950G-12 | Cisco Catalyst c2950 switch with 12 10/100 BaseTX ports and 2 GBIC slots (WS-C2950G-12) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.427 |
| WS-C2950G-24 | Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports and 2 GBIC slots (WS-C2950G-24) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.428 |
| WS-C2950G-24DC | Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports and 2 GBIC slots and DC power (WS-C2950G-24DC) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.472 |
| WS-C2950G-24-LRE | Cisco Catalyst c2950 switch with 24 10 BaseS VDSL Ports and 2 GBIC slots (WS-C2950G-24-LRE) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.484 |
| WS-C2950G-48 | Cisco Catalyst c2950 switch with 48 10/100 BaseTX ports and 2 GBIC slots (WS-C2950G-48) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.429 |
| WS-C2950S-24 | Cisco Catalyst c2950 switch with 24 10/100 BaseSX ports (Single Mode) and 2 GBIC slots (WS-C2950S-24) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.430 |
| WS-C2950ST-24-LRE | Cisco Catalyst c2950 switch with 24 10 BaseS VDSL Ports and 2 ST (SFP or 10/100/1000 BaseT) (WS-C2950ST-24-LRE) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.482 |
| WS-C2950ST-24-LRE-997 | Cisco Catalyst c2950 Long Reach Ethernet switch that conforms to ETSI 997 with 24 LRE interfaces, 2 10/100/1000 Small form factor copper interfaces and DC power supply (WS-C2950ST-24-LRE-997) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.551 |
| WS-C2950ST-8-LRE | Cisco Catalyst c2950 switch with 8 10 BaseS VDSL Ports and 2 ST (SFP or 10/100/1000 BaseT) (WS-C2950ST-8-LRE) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.483 |
| WS-C2950SX-48-SI | Cisco Catalyst c2950 switch with 48 10/100 BaseT ports and 2 fixed 1000 Base Multimode fiber (SX) ports (WS-C2950SX-48-SI) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.560 |
| WS-C2950T-24 | Cisco Catalyst c2950 switch with 24 10/100 BaseT ports and 2 10/100/1000 BaseT ports (WS-C2950T-24) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.359 |
| WS-C2950T-48-SI | Cisco Catalyst c2950 switch with 48 10/100 BaseT ports and 2 fixed 10/100/1000 BaseT ports (WS-C2950T-48-SI) | 3.5(0) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.559 |

4. Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

5. Cisco IOS 12.1(14)EA1 or above is required for 2950/2950 LRE switches. 2950s running 12.1(11)-12.1(13) may experience caveat CSCea56777 which prevents the VLAN from being changed on the switch itself.

 

Table 4 Supported Cisco Catalyst 2955 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 2955C-12 | Cisco Catalyst c2955 Industrial switch with 12 10/100 Base-TX ports and 2 100 Base-FX ports | 3.6(1) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.489 |
| 2955S-12 | Cisco Catalyst c2955 Industrial switch with 12 10/100 Base-T ports and 2 100 Base-LX Single Mode Uplink ports | 3.6(1) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.508 |
| 2955T-12 | Cisco Catalyst c2955 Industrial switch with 12 10/100 Base-TX ports and 2 10/100/1000 Base-TX ports | 3.6(1) | Cisco IOS Software Release 12.1(14)EA1 | 1.3.6.1.4.1.9.1.488 |

 

Table 5 Supported Cisco Catalyst 2960 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C2960S-48LDP-L | Catalyst 2960S 48 Gig Downlinks and 2 SFP+ uplink with support for a 2 x 10G stacking module. POE support for 370W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1259 |
| WS-C2960-24 [6] | Catalyst 2960 24 10/100 ports + 2 dual-purpose GE ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.694 |
| WS-C2960-24LC-S | Catalyst 2960 8 10/100 Power over Ethernet ports + 16 10/100 Ethernet ports + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1146 |
| WS-C2960-8TC-L | Catalyst 2960 8 10/100 ports + 1 dual purpose GE port fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.798 |
| WS-C2960G-48 | Catalyst 2960 44 10/100/1000 ports + 4 dual-purpose GE ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.697 |
| WS-C2960G-8TC-L | Catalyst 2960 7 10/100/1000 ports + 1 dual purpose GE port fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.799 |
| WS-C2960PD-8TT-L | Catalyst 2960 8 10/100 ports plus 1T PD port Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.952 |
| WS-C2960-24TC-S | Catalyst 2960 24 10/100 ports plus 2 dual purpose GE ports fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.928 |
| WS-C2960-24TT-L | Catalyst 2960 24 10/100 ports + 2 10/100/1000 ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.716 |
| WS-C2960-48 | Catalyst 2960 48 10/100 ports + 2 dual-purpose GE ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.695 |
| WS-C2960-8TC-S | Catalyst 2960 8 10/100 ports + 1 dual purpose Gigabit Ethernet port fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1006 |
| WS-C2960G-24 | Catalyst 2960 20 10/100/1000 ports + 4 dual-purpose GE ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.696 |
| WS-C2960S-24PD-L | Catalyst 2960S 24 Gig Downlinks and 2 SFP+ uplink with support for a 2 x 10G stacking module. POE support for 370W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1261 |
| WS-C2960S-24PS-L | Catalyst 2960S 24 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module. POE support for 370W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1265 |
| WS-C2960-24LT-L | Catalyst 2960 24 10/100 ports, 8 PoE and 2T ports Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.951 |
| WS-C2960-24PC-L | Catalyst 2960 24 10/100 PoE ports plus 2 dual purpose GE ports Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.950 |
| WS-C2960-24PC-S | Catalyst 2960 24 10/100 Power over Ethernet ports + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1147 |
| WS-C2960-48PST-L | Catalyst 2960 48 10/100 PoE ports + 2 10/100/1000 Ethernet Ports + 2 SFP fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1016 |
| WS-C2960-24PS-TS | Catalyst 2960 48 10/100 Power over Ethernet ports + 2 10/100/1000 Ethernet ports + 2 SFP fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1148 |
| WS-C2960-24-S | Catalyst 2960 24 10/100 ports Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.929 |
| WS-C2960-48TC-S | Catalyst 2960 48 10/100 ports plus 2 dual purpose GE ports fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.927 |
| WS-C2960-48TT-L | Catalyst 2960 48 10/100 ports + 2 10/100/1000 ports fixed configuration L2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.717 |
| WS-C2960-48TT-S | Catalyst 2960 48 10/100 ports + 2 10/100/1000 Ethernet ports fixed configuration Layer 2 Ethernet switch | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1005 |
| WS-C2960S-24TD-L | Catalyst 2960S 24 Gig Downlinks and 2 SFP+ uplink with support for a 2 x 10G stacking module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1262 |
| WS-C2960S-24TS-L | Catalyst 2960S 24 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1267 |
| WS-C2960S-24TS-S | Catalyst 2960S 24 Gig Downlinks and 2 SFP uplink, Non-stackable module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1257 |
| WS-C2960S-48FPD-L | Catalyst 2960S 48 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module. POE support for 740W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1258 |
| WS-C2960S-48FPS-L | Catalyst 2960S 48 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module. POE support for 740W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1263 |
| WS-C2960S-48LPS-L | Catalyst 2960S 48 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module. POE support for 370W | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1264 |
| WS-C2960S-48TD-L | Catalyst 2960S 48 Gig Downlinks and 2 SFP+ uplink with support for a 2 x 10G stacking module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1260 |
| WS-C2960S-48TS-L | Catalyst 2960S 48 Gig Downlinks and 4 SFP uplink with support for a 2 x 10G stacking module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1266 |
| WS-C2960S-48TS-L | Catalyst 2960 48 Ethernet 10/100/1000 ports + 4 1 Gigabit Ethernet SFP uplink ports | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1208 |
| WS-C2960S-48TS-S | Catalyst 2960S 48 Gig Downlinks and 2 SFP uplink, Non-stackable module | 3.5(7) | Cisco IOS Software Release 12.2(25) | 1.3.6.1.4.1.9.1.1256 |

6. Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

 

Table 6 Supported Cisco Catalyst 2970 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C2970G-24T | Catalyst 2970 24 10/100/1000 ports L2 Ethernet switch | 4.1(1) | Cisco IOS Software Release 12.2(25)SE | 1.3.6.1.4.1.9.1.527 |
| WS-C2970G-24TS | Catalyst 2970 24 10/100/1000 ports + 4 SFP ports L2 Ethernet switch | 4.1(1) | Cisco IOS Software Release 12.2(25)SE | 1.3.6.1.4.1.9.1.561 |
| WS-C2975GS-48PS-L | Catalyst 2970 48 Ethernet 10/100/1000 PoE ports and 4 Small Form-Factor Pluggable (SFP) uplinks | 4.1(1) | Cisco IOS Software Release 12.2(25)SE | 1.3.6.1.4.1.9.1.1068 |

 

Table 7 Supported Industrial Ethernet 3000 Switches [7], [8]

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| Cisco IE-3000-4TC | Industrial Ethernet switch with four Ethernet 10/100 ports and two dual-purpose uplink ports (a dual-purpose port has one 10/100/1000BaseTX port and one Small Form-Factor Pluggable [SFP] port, port active). | 4.8(0) | Cisco IOS Software Release 12.2(55)SE | 1.3.6.1.4.1.9.1.958 |
| Cisco IE-3000-8TC | Industrial Ethernet switch with eight Ethernet 10/100 ports and two dual-purpose uplink ports. | 4.8(0) | Cisco IOS Software Release 12.2(55)SE | 1.3.6.1.4.1.9.1.959 |
| Cisco IE-3010-16S-8PC | Rugged Industrial Ethernet switch with 16 Fast Ethernet SFP ports, 8 10/100 BASETX/PoE ports, and 2 dual-purpose Gigabit Ethernet uplinks. | 4.8(0) | Cisco IOS Software Release 12.2(53)SE | 1.3.6.1.4.1.9.1.1319 |
| Cisco IE-3010-24TC | Rugged Industrial Ethernet switch with 24 10/100BASETX ports and 2 dual-purpose Gigabit Ethernet uplinks. | 4.8(0) | Cisco IOS Software Release 12.2(53)SE | 1.3.6.1.4.1.9.1.1320 |

7. IE 3000/3010 switch series are running the same baseline IOS as Catalyst 2960. To add or configure this switch on the CAM, choose Cisco Catalyst 2960 series from the drop-down in the CAM Switch Management > Profiles > Switch > New > Switch Model web console page.

8. For further details on Cisco Industrial Ethernet 3000 / 3010 Series Switches, refer to http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9703/data_sheet_c78-440930.html and http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9703/datasheet_c78-637080.html

Table 8 Supported Cisco Catalyst 3500 XL Switches [9]

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 3508G-XL | Cisco Catalyst 3508G-XL switch with 8 GBIC Gigabit ports [10] | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.246 |
| 3512XL | Cisco Catalyst 3512XL switch with 12 10/100BaseTX ports and 2 GBIC Gigabit ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.247 |
| 3524-PWR XL | Cisco Catalyst 3524XLEn switch with 24 10/100 ports and 2 GBIC gigabit ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.287 |
| 3524XL | Cisco Catalyst 3524XL switch with 24 10/100BaseTX ports and 2 GBIC Gigabit ports | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.248 |
| 3548XL | Cisco Catalyst 3548XL switch | 3.5(4) | Cisco IOS Software Release 12.0(5)WC7 | 1.3.6.1.4.1.9.1.278 |

9. Cisco NAC Appliance supports Cisco Catalyst 2900 XL and 3500 XL only until the product (switch) end of support. For details, refer to http://www.cisco.com/en/US/products/hw/switches/prod_category_end_of_life.html.

10. 2900 XL and 3500 XL do not support SNMP V3.

 

Table 9 Supported Cisco Catalyst 3550 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C3550-12G | Cisco Catalyst 3550 10 GBIC + 2 10/100/1000 BaseT ports, fixed configuration layer 2/3 Ethernet switch (WS-C3550-12G) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.431 |
| WS-C3550-12T | Cisco Catalyst 3550 12 1000 BaseT ports fixed configuration Layer 2/Layer 3 Ethernet Switch (WS-C3550-12T) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.368 |
| WS-C3550-24 [11] | Cisco Catalyst 3550 24 10/100 ports + 2 Gig uplinks fixed configuration Layer 2/Layer 3 Ethernet Switch (WS-C3550-24) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.366 |
| WS-C3550-24DC | Cisco Catalyst 3550 24 10/100 BaseTX ports + 2 Gig uplinks fixed configuration Layer 2/Layer 3 Ethernet Switch with DC power (WS-C3550-24DC) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.452 |
| WS-C3550-24-MMF | Cisco Catalyst 3550 24 10/100 Multimode Fiber ports + 2 Gig uplinks fixed configuration Layer 2/Layer 3 Ethernet Switch (WS-C3550-24-MMF) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.453 |
| WS-C3550-24-PWR | Cisco Catalyst 3550 24 10/100 ports with inline power and 2 Gig uplinks fixed configuration Layer 2/Layer 3 Ethernet Switch (WS-C3550-24-PWR) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.485 |
| WS-C3550-48 | Cisco Catalyst 3550 48 10/100 ports + 2 Gig uplinks fixed configuration Layer 2/Layer 3 Ethernet Switch (WS-C3550-48) | 3.5(0) | Cisco IOS Software Release 12.1(8)EA1b | 1.3.6.1.4.1.9.1.367 |

11. Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

 

Table 10 Supported Cisco Catalyst 3560 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C3560-48TS | Catalyst 3560 48 10/100 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.634 |
| WS-C3560-8PC | Catalyst 3560 8 10/100 PoE ports + 1 dual purpose GE port fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.797 |
| WS-C3560E-12SD | Catalyst 3560E 12 SFP Gigabit Ethernet ports + 2 10 Gigabit Ethernet (X2) ports | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.956 |
| WS-C3560E-24PD | Catalyst 3560E 24 10/100/1000 PoE ports + 2 X2 ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.795 |
| WS-C3560E-24TD | Catalyst 3560E 24 10/100/1000 ports + 2 X2 ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.793 |
| WS-C3560-48TS | Catalyst 3560 48 10/100 ports + 4 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Non-stackable switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1024 |
| WS-C3560E-48PD | Catalyst 3560E 48 10/100/1000 PoE ports + 2 X2 ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.796 |
| WS-C3560E-48TD | Catalyst 3560E 48 10/100/1000 ports + 2 X2 ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.794 |
| WS-C3560G-24PS | Catalyst 3560 24 10/100/1000 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.614 |
| WS-C3560G-24TS | Catalyst 3560 24 10/100/1000 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.615 |
| WS-C3560G-48PS | Catalyst 3560 48 10/100/1000 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.616 |
| WS-C3560G-48TS | Catalyst 3560 48 10/100/1000 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.617 |
| WS-C3560X-24 | Catalyst 3560X 24 10/100/1000 Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1226 |
| WS-C3560X-24P | Catalyst 3560X 24 10/100/1000 PoE Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1228 |
| WS-C3560X-48 | Catalyst 3560X 48 10/100/1000 Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1227 |
| WS-C3560X-48P | Catalyst 3560X 48 10/100/1000 PoE Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1229 |
| WS-C3560-12PC | Catalyst 3560E 12 10/100 PoE ports + 1 dual purpose GE port fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1015 |
| WS-C3560-24PS | Catalyst 3560 24 10/100 ports + 2 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Non-stackable PoE switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1021 |
| WS-C3560-24PS [12] | Catalyst 3560 24 10/100 PoE ports + 2 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.563 |
| WS-C3560-24TS | Catalyst 3560 24 10/100 ports + 2 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.633 |
| WS-C3560-24TS | Catalyst 3560 24 10/100 ports + 2 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Non-stackable switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1020 |
| WS-C3560-24TS-D | Catalyst 3560 24 10/100 ports + 2 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Non-stackable switch, DC power | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1019 |
| WS-C3560-48PS | Catalyst 3560 48 10/100 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.564 |
| WS-C3560-48PS | Catalyst 3560 48 10/100 ports + 4 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Non-stackable PoE switch | 3.5(1) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1025 |

12. Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

 

Table 11 Supported Cisco Catalyst 3750 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C3750V2-48TS-S | Catalyst 3750 48 Ethernet 10/100 ports and 4 SFP Gigabit Ethernet ports; 1RU | 4.8(3) | Cisco IOS Software Release 12.2(50)SE | 1.3.6.1.4.1.9.1.1026 |
| WS-C3750G-24TS | Catalyst 3750 24 10/100/1000 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.513 |
| WS-C3750G-24WS-S25 | Catalyst 3750 Unified Access Switch with 24 10/100/1000 PoE ports + 2 GE/SFP ports and integrated Wireless Controller supporting up to 25 Access Points | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.778 |
| WS-C3750G-24WS-S50 | Catalyst 3750 Unified Access Switch with 24 10/100/1000 PoE ports + 2 GE/SFP ports and integrated Wireless Controller supporting up to 50 Access Points | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.779 |
| WS-C3750G-48PS | Catalyst 3750 48 10/100/1000 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.603 |
| WS-C3750G-48TS | Catalyst 3750 48 10/100/1000 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.604 |
| WS-C3750X-24 | Catalyst 3750X 24 10/100/1000 Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1222 |
| WS-C3750X-24P | Catalyst 3750X 24 10/100/1000 PoE Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1224 |
| WS-C3750X-48 | Catalyst 3750X 48 10/100/1000 Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1223 |
| WS-C3750X-48P | Catalyst 3750X 48 10/100/1000 PoE Ports + 4 SFP Ports + 2 SFP+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1225 |
| WS-C3750E-24PD | Catalyst 3750E 24 10/100/1000 PoE ports + 2 X2 ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.792 |
| WS-C3750E-24TD | Catalyst 3750E 24 10/100/1000 ports + 2 X2 ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.789 |
| WS-C3750E-48PD | Catalyst 3750E 48 10/100/1000 PoE ports + 2 X2 ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.791 |
| WS-C3750E-48TD | Catalyst 3750E 48 10/100/1000 ports + 2 X2 ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.790 |
| WS-C3750G-12SFP | Catalyst 3750 12 GE/SFP ports L2/L3 Ethernet switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.530 |
| WS-C3750G-16TD | Catalyst 3750 16 10/100/1000 ports + 1 X2 port fixed configuration L2/L3 Ethernet switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.591 |
| WS-C3750G-24DC | Catalyst 3750 switch with 12 SFP Gigabit Ethernet ports and DC power supply | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.688 |
| WS-C3750G-24PS | Catalyst 3750 24 10/100/1000 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.602 |
| WS-C3750G-24PS | Cisco 3750 24+2 port 10/100/1000 Switch with integrated Cisco 4402 Wireless Controller | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.747 |
| WS-C3750G-24T | Catalyst 3750 24 10/100/1000 ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.514 |
| WS-C3750G-24TS | Catalyst 3750 24 10/100/1000 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.624 |
| 3750-stack | Cisco Catalyst 37xx stackable ethernet switches with unified identity, control and management | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.516 |
| ME-C3750-24TE-MD | Metro Ethernet Catalyst 3750 24 10/100 + 2 SFP ports for downlinks and 2 SFP ES ports for uplinks | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.574 |
| WS-C3750-24 [13], [14] | Catalyst 3750 24 10/100 ports + 2 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.511 |
| WS-C3750-24FS | Catalyst 3750 24 100 ports + 2 GE/SFP ports fixed configuration L2/L3 Ethernet switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.656 |
| WS-C3750-24PS | Catalyst 3750 24 10/100 PoE ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.536 |
| WS-C3750-24PS | Catalyst 3750 24 10/100 ports + 2 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Stackable PoE switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1023 |
| WS-C3750-24TS | Catalyst 3750 24 10/100 ports + 2 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1022 |
| WS-C3750-24WS | Catalyst 3750 24 10/100 PoE ports + 4 GE/SFP Ports fixed configuration L2/L3 Ethernet Stackable Switch with Wireless Network Services | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.644 |
| WS-C3750-48 | Catalyst 3750 48 10/100 ports + 4 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.512 |
| WS-C3750-48PS | Catalyst 3750 48 10/100 PoE ports + 2 GE/SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.535 |
| WS-C3750-48PS | Catalyst 3750 48 10/100 ports + 4 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Stackable PoE switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1027 |
| WS-C3750-48TS | Catalyst 3750 48 10/100 ports + 4 Ethernet Gigabit SFP ports fixed configuration L2/L3 Ethernet Stackable switch | 3.5(0) | Cisco IOS Software Release 12.2(25)SEE | 1.3.6.1.4.1.9.1.1026 |

13. IOS 12.2(25)SEE or above is required for 3750 L3 switches. 3750 Stacks are affected by caveats CSCse86236 and CSCsg31176 (both resolved in upcoming IOS release 12.2(35)SE). For details, see Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment.

14. CCA OOB supports 3750 StackWise technology. With stacks, when mac-notification is used and there are more than 252 ports on the stack, mac-notification cannot be set/unset for the 252nd port using the CAM. There are two workarounds: 1) Use linkup/linkdown SNMP notifications only. 2) If using mac-notification, do not use the 252nd port and ignore the error; other ports will work fine.

 

Table 12 Supported Cisco Catalyst 3850 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS-XE Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-C3850-48P | Catalyst 3850 48 10/100/1000 POE/POE+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1641 |
| WS-C3850-24P | Catalyst 3850 24 10/100/1000 POE/POE+ Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1642 |
| WS-C3850-48T | Catalyst 3850 48 10/100/1000 Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1643 |
| WS-C3850-24T | Catalyst 3850 24 10/100/1000 Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1644 |
| WS-C3850-48U | Catalyst 3850 48 10/100/1000 UPoE Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1767 |
| WS-C3850-24U | Catalyst 3850 24 10/100/1000 UPoE Ports Layer 2/Layer 3 Ethernet Stackable Switch | 4.9(4) | Cisco IOS XE 3.2.xSE | 1.3.6.1.4.1.9.1.1768 |

 

Table 13 Supported Cisco Catalyst 4000/4500 15 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 4000 | Cisco Catalyst 4000 Series 16,17,18,19 | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.7 |
| 4510 R+E | Cisco Catalyst 4510R+E switch | 3.5(0) | Cisco IOS XE Software Release 3.0(1)SG | 1.3.6.1.4.1.9.1.1287 |
| WS-C2948G CatOS 6 | Cisco Catalyst 2948G (WS-C2948G CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.42 |
| WS-C2948G 6 | Cisco Catalyst WS-C2948G Layer 3 switch featuring IP, IPX, and IP multicast with 48 10/100BaseTX ports using DC power | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.386 |
| WS-C2948-GGE-TX CatOS 6 | Cisco Catalyst 2948GGETX (WS-C2948-GGE-TX CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.62 |
| WS-C2948G-L3 20 | Cisco Catalyst WS-C2948G-L3 48 port 10/100 Layer 3 switch with 2 GBIC ports | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.275 |
| WS-C2980-G CatOS 6 | Cisco Catalyst 2980G (WS-C2980-G CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.49 |
| WS-C2980-GA CatOS 6 | Cisco Catalyst 2980GA (WS-C2980-GA CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.51 |
| WS-C4003 CatOS | Cisco Catalyst 4000 series with 3 slots (WS-C4003 CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.40 |
| WS-C4006 | Cisco Catalyst 4000 Series with 6 slots (WS-C4006) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.448 |
| WS-C4006 CatOS | Cisco Catalyst 4000 series with 6 slots (WS-C4006 CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.46 |
| WS-C4500 | Cisco Catalyst 4500 (WS-C4500) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.14 |
| WS-C4503 | Cisco Catalyst 4500 with 3 slots (WS-C4503) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.503 |
| WS-C4503-E | Catalyst 4500 E-series with 3 slots (WS-C4503-E) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.874 |
| WS-C4503-SUP CatOS | Cisco Catalyst 4500 stack with 3 slots (WS-C4503-SUP CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.58 |
| WS-C4506 | Cisco Catalyst 4500 with 6 slots (WS-C4506) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.502 |
| WS-C4506-E | Catalyst 4500 E-series with 6 slots (WS-C4506-E) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.875 |
| WS-C4506-SUP CatOS | Cisco Catalyst 4500 stack with 6 slots (WS-C4506-SUP CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.5.59 |
| WS-C4507R | Cisco Catalyst 4500 with 7 slots (WS-C4507R) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.501 |
| WS-C4507R-E | Catalyst 4500 E-series with 7 slots (WS-C4507R-E) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.876 |
| WS-C4507R+E | Catalyst 4500 E-series with 7 slots (WS-C4507R+E) | 3.5(0) | Cisco IOS Software Release 12.2(54)SG | 1.3.6.1.4.1.9.1.1286 |
| WS-C4510R | Cisco Catalyst 4500 with 10 slots (WS-C4510R) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.537 |
| WS-C4510R-E | Catalyst 4500 E-series with 10 slots (WS-C4510R-E) | 3.5(0) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.877 |
| WS-C4948 21 | Cisco Catalyst 4000 with 48 10/100/1000BaseT ports and 4 1000BaseX SFP ports (WS-C4948) | 4.1(0) | Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.626 |
| WS-C4948E | Cisco Catalyst 4948E with 48 10/100/1000-Gbps RJ45 downlink ports and four 1/10 Gigabit Ethernet uplink ports | 4.1(0) | Cisco IOS Software Release 12.2(54) XO | 1.3.6.1.4.1.9.1.1178 |
| WS-C4948-10GE | Cisco Catalyst 4000 with 48 10/100/1000BaseT ports and 2 10 Gbps ports (WS-C4948-10GE) | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.659 |
| WS-X4604-GWY | Cisco Catalyst 4000 Series Access Gateway | 3.5(8) | Cisco Catalyst OS Release 7.1 or Cisco IOS Software Release 12.2(31)SGA02 | 1.3.6.1.4.1.9.1.318 |

15. If the CAM is using SNMP V3 for write, a 4500 switch might get disabled after 10 consecutive write failures. All 4500 switches with the default SNMP EngineId configuration might boot up with the same EngineId due to IOS caveat CSCsz43512.

16. Catalyst 4000/4500 code support is dependent on the Supervisor, not the chassis. On Catalyst 4000/4500, Supervisor I/II only support CatOS.

17. On Catalyst 4000/4500, Supervisor II+/III/IV/V only support IOS. For IOS code, MAC notification is supported only from 12.2(31)SG onwards. Supervisor III does not support 12.2(31)SG (hence, does not support mac-notification) and must run the 12.2(25)EWA release train. Supervisor II+/IV/V support 12.2(31)SG. If using linkup notification for OOB, code prior to 12.2(31)SG can also be used.

18. Catalyst 4000/4500 requires minimum IOS version 12.2(31)SGA02 due to caveat CSCsi25194.

19. Caveat CSCsr84693 outlines MAC notification SNMP functions on the Catalyst 4500. For details on this issue, access the Cisco Bug Toolkit portal from http://www.cisco.com/cisco/web/support/index.html.

20. The switch model is derived from the 4000/4500 series.

21. Catalyst 4948 is based on the Catalyst 4500 series. To add/configure this switch on the CAM, choose Cisco Catalyst 4000/4500 series under Switch Management > Profiles > Switch > New | Switch Model.

 

Table 14 Supported Cisco Catalyst 6000/6500 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| 6000 | Cisco Catalyst 6000 Series 22 | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.241 |
| 7603 23 | Cisco Optical Services Router 7600 Series Chassis with 3 slots | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.401 |
| 7606 2 | Cisco Optical Services Router 7600 Series Chassis with 6 slots | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.402 |
| 7609 2 | Cisco 7600 Series Chassis with 9 slots | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.509 |
| 7613 2 | Cisco 7600 Series Chassis with 13 slots | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.528 |
| 6500VSS | Cisco Catalyst 6500 series catalyst65xxVirtualSwitch | 3.5(0) | Cisco IOS Software Release 12.2(33)SXH | 1.3.6.1.4.1.9.1.896 |
| WS-C6006 CatOS | Cisco Catalyst 6000 Series with 6 slots (WS-C6006 CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.38 |
| WS-C6006-IOS | Cisco Catalyst 6000 Series with 6 slots (WS-C6006-IOS) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.280 |
| WS-C6009 CatOS | Cisco Catalyst 6000 Series with 9 slots with CatOS (WS-C6009 CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.39 |
| WS-C6009-IOS | Cisco Catalyst 6000 Series with 9 slots (WS-C6009-IOS) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.281 |
| WS-C6513-IOS | Cisco Catalyst 6500 series with 13 slots (WS-C6513-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.400 |
| WS-F6K-MSFC | Cisco Catalyst 6000 Series Multilevel Switching Feature Card | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.258 |
| WS-F6K-MSFC2 | Cisco Catalyst 6000 Series Multilevel Switching Feature Card Version 2 | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.301 |
| WS-C6504E CatOS | Cisco Catalyst 6500 series with 4 slots (WS-C6504E CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.64 |
| WS-F6K-MSFC3 | Cisco Catalyst 6000 Series Multilevel Switching Feature Card Version 2a | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.706 |
| WS-SVC-SSL-1-K9 24 | Cisco Catalyst 6500 series High-Speed SSL Termination Engine (WS-SVC-SSL-1-K9) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.554 |
| WS-X6302-MSM | Cisco Catalyst 6000 or 6500 Series Multilayer Switch Module (WS-X6302-MSM) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.256 |
| WS-X6380-NAM | Cisco Catalyst 6000 Series Network Analysis Module (CatOS) | 3.5(8) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.48 |
| WS-C6503 CatOS | Cisco Catalyst 6500 series with 3 slots (WS-C6503 CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.5 |
| WS-C6506 CatOS | Cisco Catalyst 6500 Series with 6 slots with CatOS (WS-C6506 CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.45 |
| WS-C6506-IOS | Cisco Catalyst 6500 series with 6 slots (WS-C6506-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.282 |
| WS-C6509 CatOS | Cisco Catalyst 6500 Series with 9 slots with CatOS (WS-C6509 CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.44 |
| WS-C6509-IOS | Cisco Catalyst 6500 series with 9 slots (WS-C6509-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.283 |
| WS-C6503-IOS | Cisco Catalyst 6500 series with 3 slots (WS-C6503-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.449 |
| WS-C6504-E | Cisco Catalyst 6500 Series with 4 slots | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.657 |
| WS-C6509-NEB CatOS | Cisco Catalyst 6500 Series with 9 slots with CatOS (WS-C6509-NEB CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.47 |
| WS-C6509-NEB-A CatOS | Cisco Catalyst 6500 series with 9 slots (WS-C6509-NEB-A CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.61 |
| WS-C6509-NEB-A-IOS | Cisco Catalyst 6500 series with 9 slots (WS-C6509-NEB-A-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.534 |
| WS-C6509SP-IOS | Cisco Catalyst 6500 series with 9 slots Constellation vertical slot chassis (WS-C6509SP-IOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.1.310 |
| WS-C6513 CatOS | Cisco Catalyst 6500 series with 13 slots (WS-C6513 CatOS) | 3.5(0) | Cisco Catalyst OS Release 7.5 or Cisco IOS Software Release 12.2(33)SXH1 | 1.3.6.1.4.1.9.5.50 |

22. Catalyst 6000/6500 on IOS supports mac-notification from 12.2(33)SXH onwards. If Catalyst 6000/6500 is at the edge and a user is connecting directly to the switch, SNMP linkup notification can be used with an earlier minimum release (i.e. IOS 12.1(8a)EX). If the user is connecting from behind an IP phone, then mac-notification is required.

23. 7600 series router line and 6500 series switch line are interchangeable.

24. SSL services module for Cisco Catalyst 6500 series.

 

Table 15 Supported Cisco Catalyst Express 500 Switches

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| WS-CE500-24LC | Catalyst Express 500 24 10/100 ports (4 Power Over Ethernet Ports) + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE500-24LC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.725 |
| WS-CE500-24PC | Catalyst Express 500 24 Power Over Ethernet Ports + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE500-24PC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.726 |
| WS-CE520-8TC | Catalyst Express 520 8 10/100 PoE Ports + 1 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE520-8TC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.897 |
| WS-CE520G-24TC | Catalyst Express 520 24 Gigabit Ethernet Ports + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE520G-24TC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.935 |
| WS-CE500-24TT 25,26 | Catalyst Express 500 24 10/100 ports + 2 Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE500-24TT) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.724 |
| WS-CE500G-12TC | Catalyst Express 500 8 Gigabit Ethernet Ports + 4 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE500G-12TC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.727 |
| WS-CE520-24LC | Catalyst Express 520 24 10/100 ports (4 PoE ports) + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE520-24LC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.933 |
| WS-CE520-24PC | Catalyst Express 520 24 Power Over Ethernet Ports + 2 dual purpose Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE520-24PC) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.934 |
| WS-CE520-24TT | Catalyst Express 520 24 10/100 ports + 2 Gigabit Ethernet ports fixed configuration Layer 2 Ethernet switch (WS-CE520-24TT) | 3.6(1) | Cisco IOS Release 12.2(25)SEG | 1.3.6.1.4.1.9.1.932 |

25. With IOS release 12.2.25(SEG) for CE500, MAC-NOTIFICATION SNMP traps are supported on all Smartport roles (including DESKTOP and IPPHONE roles). After upgrading to 12.2.25(SEG), customers can configure MAC-NOTIFICATION for CE500 under Switch Management > Devices > List > Config [Switch IP] > Config > Advanced on the CAM. For CCA 3.6.2, 3.6.3, 4.0.0, 4.0.1, 4.0.2, CE500 supports linkup/linkdown SNMP notifications by default and the “OTHER role” warning message can be ignored when changing to MAC-NOTIFICATION traps. Note that in future Cisco NAC Appliance releases, this warning message will be removed and the default control method for CE500 will be MAC-NOTIFICATION traps.

26. If running an IOS version lower than 12.2(25)SEG, the CE500 switch ports must be assigned to the OTHER role (not Desktop or IP phone) in the switch's Smartports configuration; otherwise, mac-notification will not be sent out.

 

Table 16 Supported Cisco Etherswitch Service Modules

| Switch Model | Description | Minimum Required Cisco NAC Appliance Release | Minimum Required Cisco IOS/CatOS Version | Cisco NAC Appliance OID |
|---|---|---|---|---|
| NME-16ES-1G | EtherSwitch Service Module 16 10/100 ports + 1 Ethernet Gigabit port fixed configuration Layer 2/Layer 3 Ethernet switch with no inline power | 3.6(4) | Switch OS version 12.2(25)SEC or IOS version 12.3(14)T3 | 1.3.6.1.4.1.9.1.702 |
| NME-16ES-1G-P | 16-port 10/100 Cisco EtherSwitch service module w/802.3af, 1 10/100/1000 port, and IP Base | 3.6(4) | Switch OS version 12.2(25)EZ or IOS version 12.3(14)T | 1.3.6.1.4.1.9.1.663 |
| NME-X-23ES-1G | EtherSwitch Service Module 23 10/100 ports + 1 Ethernet Gigabit port fixed configuration Layer 2/Layer 3 Ethernet switch with no inline power | 3.6(4) | Switch OS version 12.2(25)SEC or IOS version 12.3(14)T3 | 1.3.6.1.4.1.9.1.703 |
| NME-X-23ES-1G-P | 23-port 10/100 Cisco EtherSwitch service module w/802.3af, 1 10/100/1000 port w/ 802.3af, and IP Base | 3.6(4) | Switch OS version 12.2(25)EZ or IOS version 12.3(14)T | 1.3.6.1.4.1.9.1.664 |
| NME-XD-24ES-1S-P | 24-port 10/100 Cisco EtherSwitch service module w/802.3af, 1 SFP, Cisco StackWise connectors, and IP Base | 3.6(4) | Switch OS version 12.2(25)EZ or IOS version 12.3(14)T | 1.3.6.1.4.1.9.1.665 |
| NME-XD-48ES-2S-P | 48-port 10/100 Cisco EtherSwitch service module w/ 802.3af, 2 SFPs, and IP Base | 3.6(4) | Switch OS version 12.2(25)EZ or IOS version 12.3(14)T | 1.3.6.1.4.1.9.1.666 |

 

Table 17 Supported Cisco Wireless LAN Controllers for Wireless Out-of-Band

| Wireless LAN Controller Model | Minimum Required Cisco NAC Appliance Release | Minimum Required WLC OS Version | Cisco NAC Appliance OID |
|---|---|---|---|
| Integrated service router series 28xx/38xx with Wireless Lan Controller Network Module | 4.5(0) | 5.1 | 1.3.6.1.4.1.9.1.818 |
| Cisco 2100 Series Wireless LAN Controllers | 4.5(0) | 5.1 | 1.3.6.1.4.1.9.1.828 |
| Cisco 4200/4400 Series Wireless LAN Controllers | 4.5(0) | 5.1 | 1.3.6.1.4.1.14179.1.1.4.3 |
| Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM) | 4.5(0) | 5.1 | 1.3.6.1.4.1.14179.1.1.4.4 |
| Cisco 5500 Series Wireless LAN Controllers | 4.6(1) | 6.0 | 1.3.6.1.4.1.9.1.1069 |


Note: Wireless OOB only supports Layer 2 OOB Virtual Gateway deployments that require no IP address change. The Cisco NAC Network Module (NME-NAC) does not support a Layer 2 OOB Virtual Gateway topology; therefore, the Cisco NAC Network Module is not supported for Wireless OOB deployments.



Note: If the CAM is using SNMP V3 for write, wireless clients might not move into the Access VLAN even when the NAC agent on the client passed posture validation after WLC reboot. Refer to WLC caveat CSCtb78072.


Known Issues with Switches/WLCs

This section describes known issues when integrating Cisco NAC Appliance with the following switch models/wireless LAN controllers and deployment types:

Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment

For Cisco NAC Appliance in In-Band Central Deployment mode, when a Cisco Catalyst 3560/3750 series switch is used as a Layer 3 switch and if both ports of the CAS are connected to the same 3560/3750 switch, the minimum switch IOS code required is Cisco IOS release 12.2(25)SEE.

Because caveat CSCdu27506 is not fixed on the Catalyst 3550 series switch, when the Catalyst 3550 is used as a Layer 3 switch, it cannot be used in NAC Appliance In-Band Central Deployment.

For further details, refer to switch IOS caveat CSCdu27506:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdu27506

See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB).

Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment

For Cisco NAC Appliance customers with OOB deployments running stacked Cisco Catalyst 3750 switches with Cisco IOS 12.2(25) SEC2 or lower, SNMP mac-notifications can fail, and SNMP does not report MAC addresses to the OOB CAM and CAS.

Affected customers can resolve this issue by upgrading their stacked Cisco Catalyst 3750 switches to Cisco IOS release 12.2(25)SEE or above. For further details refer to switch IOS caveat CSCeh80716:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/release/notes/OL8113.html#wp821615


Note: Catalyst 3750 Stacks are affected by caveats CSCse86236 and CSCsg31176. These caveats are resolved in IOS release 12.2(35)SE.


See Cisco NAC Appliance Switch Support Matrixes for additional details on the switches supported for OOB deployments.


Note: When configuring SNMP settings on switches, never use the “@” character in the community string.


Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs) and DHCP

Due to changes in DHCP server operation with Cisco NAC Appliance release 4.0(2) and later, networks with Cisco 2200/4400 Wireless LAN Controllers (also known as Airespace WLCs) which relay requests to the CAS (operating as a DHCP server) may have issues. Client machines may be unable to obtain DHCP addresses.

If you have DHCP issues with Airespace controllers after installing/upgrading to release 4.0(2), the following will need to be done to restore DHCP functionality:


Step 1 Enable DHCP options on the CAS:

a. Go to Device Management > CCA Servers > Manage [CAS_IP] > Network > DHCP > Global Options

b. Click the Enable button (User-Specified DHCP Options).

Step 2 Create a new custom Global DHCP option with option number “54” and option type “IP-Address”:

a. Click the New Option link for the Root Global Option List.

b. Type 54 in the ID field.

c. Select IP-Address from the Type dropdown menu.

d. Click the Create Custom Option button.

Step 3 Set the value of this option to the CAS eth1 IP address (or eth1 Service IP if CAS is in HA mode):

a. Type the CAS eth1 IP address in the text field.

b. Click Update.

Step 4 This should restore DHCP capability with Airespace controllers.


 


Note: For further details on configuring DHCP options, see the “Configuring DHCP” chapter of the Cisco NAC Appliance - Clean Access Server Configuration Guide.
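To confirm the steps above took effect, capture a DHCP reply sent by the CAS and check that it carries option 54 (the DHCP Server Identifier, RFC 2132) set to the CAS eth1 address. The following is an added example, not Cisco code: it parses the options field of a DHCP message and compares option 54 with the expected address. The packet bytes and all 192.0.2.x addresses are constructed for the demonstration.

```python
import ipaddress
import struct

BOOTP_FIXED_LEN = 236                      # op .. file, everything before the options
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OPT_PAD, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp_options(payload):
    """Return {option_code: raw_value} for a DHCP message (the UDP payload)."""
    if len(payload) < BOOTP_FIXED_LEN + len(MAGIC_COOKIE):
        raise ValueError("truncated BOOTP header")
    start = BOOTP_FIXED_LEN
    if payload[start:start + 4] != MAGIC_COOKIE:
        raise ValueError("DHCP magic cookie not found")
    options, i = {}, start + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option %d has no length byte" % code)
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of packet" % code)
        options[code] = value
        i += 2 + length
    return options


def check_server_identifier(payload, expected_ip):
    """Return (message_type, option_54_value_or_None, matches_expected)."""
    opts = parse_dhcp_options(payload)
    mtype = opts.get(OPT_MSG_TYPE)
    name = MSG_TYPES.get(mtype[0], "UNKNOWN") if mtype else "UNKNOWN"
    raw = opts.get(OPT_SERVER_ID)
    if raw is None or len(raw) != 4:       # absent or malformed option 54
        return name, None, False
    found = str(ipaddress.IPv4Address(raw))
    return name, found, found == str(ipaddress.IPv4Address(expected_ip))


def build_reply(msg_type, server_id=None):
    """Constructed relayed DHCP reply for the demo (not a real capture)."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 1,                                    # BOOTREPLY, Ethernet, hlen, hops
        0x1A2B3C4D, 0, 0,                              # xid, secs, flags
        bytes(4),                                      # ciaddr
        ipaddress.IPv4Address("192.0.2.50").packed,    # yiaddr (offered address)
        bytes(4),                                      # siaddr
        ipaddress.IPv4Address("192.0.2.254").packed,   # giaddr (relaying controller)
        bytes.fromhex("020000000001"),                 # chaddr, zero padded to 16
        bytes(64), bytes(128))                         # sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", 3600) + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + opts


if __name__ == "__main__":
    CAS_ETH1 = "192.0.2.1"                 # assumed CAS eth1 (or HA Service) IP
    for label, pkt in [("before fix", build_reply(2)),
                       ("after fix", build_reply(2, CAS_ETH1))]:
        print(label, check_server_identifier(pkt, CAS_ETH1))
```

In an HA pair, pass the eth1 Service IP as the expected address, matching Step 3.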


Troubleshooting

This section discusses the following:

Preventing Loops on Central Switch for VGW/Central Deployments

In Virtual Gateway Central deployment, both interfaces of the CAS are connected to the same switch. Administrators must use the following procedure for correct configuration of a Virtual Gateway Central Deployment. To prevent looping on any central/core switch as you plug both interfaces of the CAS into the switch, perform the following steps:

1. Before you connect both interfaces of the CAS to the switch, SSH to the CLI of the CAS and disable the eth1 (untrusted interface) using the CLI command:

ifconfig eth1 down

2. Physically connect the eth0 and eth1 interfaces of the CAS to the network.

3. After you have added the CAS to the CAM web console, make sure to set the VLAN to be mapped under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. Also make sure you check the “Enable VLAN Mapping” checkbox and click Update.

4. For the 802.1q ports configuration on the switch, make sure to prune all other VLANs for switches trunking to eth0 and eth1 of the CAS except those used for the CAS Management VLAN and the User VLANs.

5. Prune VLAN 1 on the switch ports connecting to the CAS eth0 and eth1 interfaces. For details, see:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swvlan.html

6. Once the preceding steps are completed, SSH to the CLI of the CAS and enable eth1 on CAS using the CLI command:

ifconfig eth1 up

See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB) for additional information.

OOB Switch Trunk Ports and Upgrade

Because Cisco NAC Appliance can control switch trunk ports for OOB, ensure that the uplink ports for controlled switches are configured as “uncontrolled” ports before or after upgrade. This can be done in one of two ways:

  • Before upgrading, change the Default Port Profile for the entire switch to “uncontrolled” under Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile | uncontrolled, or
  • After upgrading, change the Profile to “uncontrolled” for the applicable uplink ports of the switch under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile.

This will prevent unnecessary issues when the Default Port Profile for the switch has been configured as a managed/controlled port profile.

If for some reason the above steps are omitted and the switch becomes disconnected, use the following procedure:

1. Delete the switch from the List of Switches in the CAM (under Switch Management > Devices > Switches > List).

2. Configure the switch using its CLI to reverse the changes made to the uplink port by the CAM (trunk native VLAN and mac-notification), for example:

(config-if)# switchport trunk native vlan xxx
(config-if)# no snmp trap mac-notification added
 

3. Add the switch back to the CAM (under Switch Management > Devices > Switches > New or Search), applying “uncontrolled” as the Default Port Profile.

4. Specifically assign the “uncontrolled” port Profile to the uplink port and other uncontrolled ports (under Switch Management > Devices > Switches [x.x.x.x] > Ports).

5. Reset the Default Port Profile for the switch (under Switch Management > Devices > Switches [x.x.x.x] > Config).

6. Initialize the switch ports (under Switch Management > Devices > Switches [x.x.x.x] > Ports).

Switch OID Support

Administrators can update the object IDs (OIDs) of supported switches by performing a CAM update (under Device Management > Clean Access > Updates). For example, if a new switch (such as C3750-XX-NEW) of a supported model (Catalyst 3750 series) is released, administrators only need to perform Cisco Updates on the CAM to obtain support for the switch OIDs, instead of performing a software upgrade of the CAM/CAS. The update switch OID feature only applies to existing models. If a new switch series is introduced, administrators will still need to upgrade to ensure OOB support for the new switches.

Starting from Release 4.5, administrators can also update the object IDs (OIDs) of Wireless LAN Controller platforms supported for the Wireless OOB feature by performing a CAM update.

Before opening a support case for Switch OID support

1. On the CAM, go to Device Management > Clean Access > Updates. Make sure to perform an Update and verify the current version of the “Supported Out-of-Band Switch OIDs.”

2. If the switch still cannot be managed from the CAM, get the OID from the switch by running the following command from the CAM:

snmpget -v 1 -c <switch_snmp_community_string> <switch_ip> 1.3.6.1.2.1.1.2.0
 

3. Add this OID to your support case.
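The support tables on this page are keyed by dotted-numeric OID, while snmpget prints the sysObjectID value in different renderings depending on which MIB files are loaded on the host. The following added example (not Cisco code) normalizes one line of snmpget output to the numeric form used in the tables before it goes into a support case; the MATRIX entries are a small subset copied from this page, and the sample output lines are constructed.

```python
import re

ENTERPRISES = "1.3.6.1.4.1"   # numeric form of the "enterprises" subtree

# Subset of rows copied from the support tables on this page:
# OID -> (model, minimum required Cisco NAC Appliance release)
MATRIX = {
    "1.3.6.1.4.1.9.1.516": ("3750-stack", "3.5(0)"),
    "1.3.6.1.4.1.9.1.1641": ("WS-C3850-48P", "4.9(4)"),
    "1.3.6.1.4.1.9.5.46": ("WS-C4006 CatOS", "3.5(8)"),
    "1.3.6.1.4.1.14179.1.1.4.3":
        ("Cisco 4200/4400 Series Wireless LAN Controllers", "4.5(0)"),
}


def normalize_sysobjectid(snmpget_line):
    """Return the sysObjectID from one line of snmpget output as a numeric OID."""
    match = re.search(r"=\s*OID:\s*(\S+)", snmpget_line)
    if not match:
        raise ValueError("no 'OID:' value in snmpget output")
    value = match.group(1).split("::")[-1]       # drop a "MODULE::" prefix
    if value.startswith("enterprises."):
        value = ENTERPRISES + value[len("enterprises"):]
    elif value.startswith("iso."):
        value = "1" + value[len("iso"):]
    value = value.lstrip(".")
    if not re.fullmatch(r"\d+(\.\d+)+", value):
        # A loaded product MIB turned the value into a name; ask for numbers.
        raise ValueError("symbolic value %r: rerun snmpget with -On" % value)
    return value


def lookup(snmpget_line):
    """Normalize the OID and report whether it is in the local MATRIX subset."""
    oid = normalize_sysobjectid(snmpget_line)
    model, release = MATRIX.get(oid, (None, None))
    return {"oid": oid, "model": model,
            "min_nac_release": release, "in_matrix": model is not None}


if __name__ == "__main__":
    # Constructed sample lines in the three common net-snmp renderings.
    samples = [
        "SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.516",
        ".1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.9.5.46",
        "iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.14179.1.1.4.3",
    ]
    for line in samples:
        print(lookup(line))
```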

NAC Appliance Device Support

Cisco NAC Appliance Release 4.9 has Universal Switch Support, which makes it possible for Cisco NAC Appliance to support any Cisco switch as long as it supports the MIBs that are used by NAC. Universal Device Support is limited to Cisco switches; non-Cisco switches are not supported.

Starting from Cisco NAC Appliance Release 4.9, you can view the list of supported devices and check whether a device supports the MIBs that are used by NAC.

In the CAM Web Console, go to OOB Management > Profiles > Device > New. You can click the link available at the top of this tab to view the list of supported device models.

You can verify whether a device is supported by using the Verify tab. This utility verifies a device already added to CAM or a new device that is yet to be added to CAM. This option is available in the CAM Web Console in OOB Management > Devices > Devices > Verify tab.

Refer to Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9 for more details.

MAC-Move Notification Support

Starting from Release 4.1(3), Cisco NAC Appliance supports MAC-move notifications from switches in addition to the MAC-changed notification and linkup/linkdown SNMP traps.

Table 18 lists the switch models and OS versions that support the MAC-Move notification.

 

Table 18 MAC-Move Notification Supported Switches

| Switch | Minimum Switch IOS Version | Minimum CatOS Version |
|---|---|---|
| Catalyst 2940/2950/2960 | 12.2(40)SE | |
| Catalyst 2970 | 12.2(40)SE | |
| Catalyst 3550/3560/3750 | 12.2(40)SE | |
| Catalyst 4000/4500 | 12.2(31)SG | Not supported |
| Catalyst 6000/6500 | 12.2(17d)SXB | 7.6.1 |

Refer to the Release Notes for Cisco NAC Appliance, Version 4.1(3) for additional details.

Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)

Table 19 describes Cisco Catalyst switch model support for the Virtual Gateway VLAN Mapping feature of the CAS for either in-band (IB) or out-of-band deployments (OOB). This table is intended to clarify CAS network deployment options when connecting the CAS in Virtual Gateway (bridge) mode to the switches listed.

 

Table 19 Switch Support for CAS Virtual Gateway In-Band/OOB VLAN Mapping Feature

| Cisco Switch Model | Virtual Gateway Central Deployment (both interfaces into same switch) | Virtual Gateway Edge Deployment (each interface into different switch) |
|---|---|---|
| 28xx NME | Yes with 12.2(25) SEE and higher 1 | Yes |
| Catalyst 2900XL | No 27 | Yes |
| Catalyst 2950/2960 | Yes | Yes |
| Catalyst 2970 | Yes | Yes |
| Catalyst 3500XL | Yes | Yes |
| Catalyst 3550 (L2 switch) | Yes | Yes |
| Catalyst 3550 (L3 switch) | No 1 | Yes |
| Catalyst 3750/3560 (L2 switch) | Yes | Yes |
| Catalyst 3750/3560 (L3 switch) | Yes with 12.2(25) SEE and higher 28 | Yes |
| Catalyst 4000/4500 | Yes | Yes |
| Catalyst 6000/6500 | Yes | Yes |
| Nexus 7000 C7010 | Yes | Yes |

27. 2900 XL does not support removing VLAN 1 from switch trunks.

28. Due to switch caveat CSCdu27506. See Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment for details.

For additional information on Virtual Gateway Central Deployment, see also Preventing Loops on Central Switch for VGW/Central Deployments.