Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - SECURITY
      - CISCO NAC APPLIANCE (CLEAN ACCESS)
        GENERAL INFORMATION
        COMPATIBILITY INFORMATION
        Switch Support for Cisco NAC Appliance

Cisco NAC Appliance (Clean Access)

Switch Support for Cisco NAC Appliance

Downloads

Switch Support for Cisco NAC Appliance

Table Of Contents

Switch Support for Cisco NAC Appliance

In-Band (IB) Deployment Switch Support

Out-of-Band (OOB) Deployment Switch Support

OOB Supported Switches

OOB Supported (NME) EtherSwitch Service Modules

MAC-Move Notification Support

Wireless Out-of-Band (WOOB) Switch/Wireless LAN Controller Support

Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)

Known Issues with Switches/WLCs

Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment

Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment

Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs) and DHCP

Troubleshooting

Preventing Loops on Central Switch for VGW/Central Deployments

OOB Switch Trunk Ports and Upgrade

Switch OID Support

Switch Support for Cisco NAC Appliance

Revised: June 16, 2009, OL-7315-01

Note This document is available under: http://www.cisco.com/en/US/products/ps6128/products_device_support_tables_list.html
For the most current Cisco NAC Appliance (Cisco Clean Access) documentation, refer to: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

This document describes the following:

•In-Band (IB) Deployment Switch Support

•Out-of-Band (OOB) Deployment Switch Support

•Wireless Out-of-Band (WOOB) Switch/Wireless LAN Controller Support

•Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)

•Known Issues with Switches/WLCs

•Troubleshooting

In-Band (IB) Deployment Switch Support

With Cisco NAC Appliance In-Band (IB) deployment, the Clean Access Server (CAS) is always inline with user traffic-before, during, and after authentication, posture assessment, and remediation. In-band mode is required for wireless networks.

For IB deployments, Cisco NAC Appliance is agnostic to switch/router platforms and versions.
IB deployments can be Layer 2 (L2) or Layer 3 (L3):

•For L2 deployments, user MAC/IP addresses need to be visible to the CAS.

•For L3 deployments (i.e. where the CAS can be one or more hops away from the user), the CAS differentiates users by IP address.

Out-of-Band (OOB) Deployment Switch Support

With Cisco NAC Appliance Out-of-Band deployment, the Clean Access Server (CAS) is inline with user traffic only during the process of authentication, assessment and remediation. Following that, user traffic does not pass through the CAS. In OOB deployment, the Clean Access Manager (CAM) uses SNMP to control switches and set VLAN assignments for ports. When the CAM/CAS are set up for OOB, the CAM can control the switch ports of supported switches/NMEs with the corresponding IOS/CatOS versions listed in the following tables:

•OOB Supported Switches

•OOB Supported (NME) EtherSwitch Service Modules

•MAC-Move Notification Support

•Wireless Out-of-Band (WOOB) Switch/Wireless LAN Controller Support

For all switch models/NMEs, Cisco recommends checking for limitations and verifying support for MAC notification and/or linkup-linkdown SNMP traps for the switch OS version you intend to use. See Known Issues with Switches/WLCs for further details.

Note Administrators can update the object IDs (OIDs) of supported switches by performing a CAM update (under Device Management > Clean Access > Updates). For example, if a new switch (such as C3750-XX-NEW) of a supported model (Catalyst 3750 series) is released, administrators only need to perform Cisco Updates on the CAM to obtain support for the switch OIDs, instead of performing a software upgrade of the CAM/CAS. The update switch OID feature only applies to existing models. If a new switch series is introduced, administrators will still need to upgrade to ensure OOB support for the new switches. Refer to the "Switch Management" (OOB) chapter of the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide for details.

Note Starting from Release 4.5, administrators are able to update the object IDs (OIDs) of supported WLC platforms by performing a CAM update (under Device Management > Clean Access > Updates).

Note Cisco NAC Appliance supports Cisco Catalyst 2900 XL and 3500 XL only until the product (switch) end of support. For details, refer to: http://www.cisco.com/en/US/partner/products/hw/switches/prod_category_end_of_life.html

OOB Supported Switches

Table 1 shows the switch models and minimum OS versions that are supported per version of Cisco NAC Appliance for Out-of-Band deployments.

Table 1 OOB Supported Switches

Min. Cisco NAC Appliance Version ¹

Switch Model ^²

Minimum Supported OS Version ³^,⁴

4.5
4.1(x)+⁵4.0(0)+

3.6(1)+

-

Cisco Catalyst Express 500 Series (CE500) ⁶

Cisco IOS Release 12.2(25)SEG

3.6(0)+

3.5(4)+

Cisco Catalyst 2900 XL ⁷^{, ⁸}

Cisco IOS Software Release 12.0(5)WC7

Cisco Catalyst 2940 ⁹

Cisco IOS Software Release 12.1(6)EA2

3.5(0)+

Cisco Catalyst 2950 ¹⁰^,⁹

Cisco IOS Software Release 12.1(14)EA1

Cisco Catalyst 2950 LRE ¹⁰

Cisco IOS Software Release 12.1(14)EA1

3.6(1)+

-

Cisco Catalyst 2955

Cisco IOS Software Release 12.1(14)EA1

3.6(0)+

3.5(7)+

Cisco Catalyst 2960⁹

Cisco IOS Software Release 12.2(25)

3.5(4)+

Cisco Catalyst 3500 XL⁷^,⁸

Cisco IOS Software Release 12.0(5)WC7

3.5(0)+

Cisco Catalyst 3550 ⁹

Cisco IOS Software Release 12.1(8)EA1b

3.5(1)+

Cisco Catalyst 3560 ⁹

Cisco IOS Software Release 12.2(25)SEE

3.5(0)+

Cisco Catalyst 3750 ⁹^,¹¹^,¹²

Cisco IOS Software Release 12.2(25)SEE

3.5(8)+

Cisco Catalyst 4000 ⁹^,¹³^,¹⁴^,¹⁵

Cisco Catalyst OS Release 7.1

Cisco IOS Software Release 12.2(31)SGA02

3.5(0)+

Cisco Catalyst 4500 ⁹^,¹³^,¹⁴^,¹⁵

Cisco Catalyst OS Release 7.1

Cisco IOS Software Release 12.2(31)SGA02

4.5
4.1(x)+⁵

-

-

Cisco Catalyst 4948 ¹⁶

Cisco IOS Software Release 12.2(31)SGA02

4.5
4.1(x)+⁵4.0(0)+

3.6(0)+

3.5(8)+

Cisco Catalyst 6000 ⁹^,¹⁷

Cisco Catalyst OS Release 7.5

Cisco IOS Software Release12.2(33)SXH1¹⁸

3.5(0)+

Cisco Catalyst 6500 ⁹^,¹⁷

Cisco Catalyst OS Release 7.5

Cisco IOS Software Release12.2(33)SXH1 ¹⁸

¹The "+" designation in the Min. Cisco NAC Appliance Version column indicates the switch model/OS is supported starting from the CCA version listed and for subsequent versions.

²Clusters are not supported.

³If running a deferred IOS, make sure to run a non-deferred version that is higher than the Minimum Supported OS Version.

⁴OS versions support SNMP V3 except where noted.

⁵Auto-update of OOB switch OIDs is available starting from CCA release 4.1(0) and later (under Device Management > Clean Access > Updates). This allows you to obtain support for new switches of existing supported switch models/series by performing a CAM update instead of CCA software upgrade.

⁶With IOS release 12.2.25(SEG) for CE500, MAC-NOTIFICATION SNMP traps are supported on all Smartport roles (including DESKTOP and IPPHONE roles). After upgrading to 12.2.25(SEG), customers can configure MAC-NOTIFICATION for CE500 under Switch Management > Devices > List > Config [Switch IP] > Config > Advanced on the CAM. For CCA 3.6.2, 3.6.3, 4.0.0, 4.0.1, 4.0.2, CE500 supports linkup/linkdown SNMP notifications by default and the "OTHER role" warning message can be ignored when changing to MAC-NOTIFICATION traps. Note that in future Csico NAC Appliance releases, this warning message will removed and the default control method for CE500 will be MAC-NOTIFICATION traps.

Note: If running an IOS version lower than 12.2(25) SEG, the CE500 switch ports must be assigned to the OTHER role (not Desktop or IP phone) on the switch's Smartports configuration, otherwise, mac-notification will not be sent out.

⁷CCA OOB supports Cisco Catalyst 2900 XL, 3500 XL, and 5500 only until the product (switch) end of support. For details, see http://www.cisco.com/en/US/partner/products/hw/switches/prod_category_end_of_life.html

⁸2900 XL and 3500 XL do not support SNMP V3.

⁹Cisco NAC Appliance 4.1(3) and later supports MAC-move notifications from switches. See MAC-Move Notification Support for details.

¹⁰IOS 12.1(14)EA1 or above is required for 2950/2950 LRE switches. 2950s running 12.1(11)-12.1(13) may experience caveat CSCea56777 which prevents the VLAN from being changed on the switch itself.

¹¹IOS 12.2(25)SEE or above is required for 3750 L3 switches. 3750 Stacks are affected by caveats CSCse86236 and CSCsg31176 (both resolved in upcoming IOS release 12.2(35)SE). For details, see Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment.

¹²CCA OOB supports 3750 StackWise technology. With stacks, when mac-notification is used and there are more than 252 ports on the stack, mac-notification cannot be set/unset for the 252nd port using the CAM. There are two workarounds: 1) Use linkup/linkdown SNMP notifications only. 2) If using mac-notification, do not use the 252nd port and ignore the error; other ports will work fine.

¹³Catalyst 4000/4500 code support is dependent on the Supervisor, not the chassis. On Catalyst 4000/4500, Supervisor I/II only support CatOS.

¹⁴On Catalyst 4000/4500, Supervisor II+/III/IV/V only support IOS. For IOS code, MAC notification is supported only from 12.2(31) SG onwards. Supervisor III does not support 12.2(31)SG (hence, does not support mac-notification) and must run 12.2(25)EWA release train. Supervisor II+/IV/V support 12.2(31)SG. If using linkup notification for OOB, code prior to 12.2(31) SG can also be used.

¹⁵Catalyst 4000/4500 requires minimum IOS version 12.2(31)SGA02 due to caveat CSCsi25194.

¹⁶Catalyst 4948 is based on Catalyst 4500 series. To add/configure this switch on the CAM, choose Cisco Catalyst 4000/4500 series under Switch Management > Profiles > Switch > New | Switch Model.

¹⁷Catalyst 6000/6500 on IOS supports mac-notification from 12.2(33)SXH onwards. If Catalyst 6000/6500 is at the edge and a user is connecting directly to the switch, SNMP linkup notification can be used with an earlier minimum release (i.e. IOS 12.1(8a)EX). If the user is connecting from behind an IP phone, then mac-notification is required.

¹⁸Catalyst 6000/6500 switches require minimum IOS version 12.2(33)SXH1 due to caveat CSCsj10375.

OOB Supported (NME) EtherSwitch Service Modules

Table 2 shows the Cisco 3750 NME EtherSwitch service modules for Cisco 2800/3800 Series Integrated Services Routers supported per version of Cisco NAC Appliance OOB. These service modules are essentially a Cisco Catalyst 3750 switch packaged as a blade, and are supported for the 2800/3800 Integrated Services Routers only (e.g. Cisco 2600 ISR is not supported).

Table 2 OOB Supported 3750 Service Modules for 2800/3800 ISRs

Min. Cisco NAC Appliance Version ¹

3750 EtherSwitch Service Modules Supported for Cisco 2800/3800 Integrated Services Routers ²^, ³^,⁴^,

Min. Switch IOS Version

Min. Router IOS Version

4.5
4.1(x)+⁵
4.0(1)+
3.6(4)+

NME-16ES-1G

12.2(25)SEC

12.3(14)T3

NME-16ES-1G-P

12.2(25)EZ

12.3(14)T

NME-X-23ES-1G

12.2(25)SEC

12.3(14)T3

NME-X-23ES-1G-P

12.2(25)EZ

12.3(14)T

NME-XD-24ES-1S-P

12.2(25)EZ

12.3(14)T

NME-XD-48ES-2S-P

12.2(25)EZ

12.3(14)T

¹The "+" designation in the Min. Cisco NAC Appliance Version column indicates the switch model/OS is supported starting from the CCA version listed and for subsequent versions.

²For further details on which ISRs support the EtherSwitch Service Modules listed, refer to the table "Router Platforms Supporting Cisco EtherSwitch Service Modules" in the Cisco Network Modules Hardware Installation Guide.

³Adding 3750 NME modules to the CAM for OOB switch management requires the same steps as if adding a 3750 switch. When configuring the switch profile for these 3750 NMEs, choose Cisco Catalyst 3750 series under Switch Management > Profiles > Switch > New | Switch Model.

⁴IOS 12.2(25)SEE or above is required for 3750 L3 switches. See Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment for additional details.

⁵Auto-update of OOB switch OIDs is available starting from CCA release 4.1(0) and later (under Device Management > Clean Access > Updates). This allows you to obtain support for new switches of existing supported switch models/series by performing a CAM update instead of CCA software upgrade.

MAC-Move Notification Support

Starting from Release 4.1(3), Cisco NAC Appliance supports MAC-move notifications from switches in addition to the MAC-changed notification and linkup/linkdown SNMP traps.

Table 3 lists the switch models and OS versions that support the MAC-Move notification.

Table 3 MAC-Move Notification Supported Switches

Switch

Minimum Switch IOS Version

Minimum CatOS Version

Catalyst 2940/2950/2960

12.2(40)SE

—

Catalyst 3550/3560/3750

12.2(40)SE

—

Catalyst 4000/4500

12.2(31)SG

Not supported

Catalyst 6000/65000

12.2(17d)SXB

7.6.1

Refer to the Release Notes for Cisco NAC Appliance (Cisco Clean Access), Version 4.1(3) for additional details.

Wireless Out-of-Band (WOOB) Switch/Wireless LAN Controller Support

Note Wireless OOB only supports Layer 2 OOB Virtual Gateway deployments that require no IP change. Because the Cisco NAC Network Module does not support this topology, the NAC Network Module is not supported for Wireless OOB.

Table 4 lists the Wireless LAN Controller platforms that Cisco NAC Appliance supports for a Wireless OOB deployment starting from Release 4.5.

Table 4 Recommended WLC Platforms to Support Wireless OOB

Cisco Wireless LAN Controller Model

Cisco Wireless LAN Controller Version

Cisco NAC Appliance Version

Cisco 4400 Series Wireless LAN Controllers

5.1

4.5

Cisco 2000 Series Wireless LAN Controllers

Cisco Catalyst 3750G Integrated Wireless LAN Controller

Cisco Catalyst 6500/7600 Series Wireless Services Module (WiSM)

Cisco Wireless LAN Controller Module

Note Starting from Release 4.5, administrators are able to update the object IDs (OIDs) of supported WLC platforms by performing a CAM update (under Device Management > Clean Access > Updates).

Table 5 lists the recommended IOS versions for the switches used with Cisco NAC Appliance, Release 4.5. Table 5 lists the IOS versions and switch platforms that are tested and known to work with the Wireless OOB feature in Release 4.5. If you encounter issues with WOOB support and are running a minimum IOS version listed as supported for your existing hardware platform in Table 1, you may need to upgrade the IOS on your switch to the version listed here in Table 5.

Table 5 Switch IOS Versions Tested and Known to Work for WOOB in Release 4.5

Device Model

Recommended IOS Version

Catalyst 2960

12.2(35)SE5

Catalyst 3560/3560-E

12.2(25)SEE3

Catalyst 3570/3570-E

12.2(25r)SEE4

Catalyst 4500

12.2(31)SGA

Catalyst 6500

12.2(33)SXH1
12.2(33)SXH2a

Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)

Table 6 describes Cisco Catalyst switch model support for the Virtual Gateway VLAN Mapping feature of the Clean Access Server for either in-band (IB) or out-of-band deployments (OOB). This table is intended to clarify CAS network deployment options when connecting the CAS in Virtual Gateway (bridge) mode to the switches listed.

Table 6 Switch Support for CAS Virtual Gateway In-Band/OOB VLAN Mapping Feature

Cisco Switch Model

Virtual Gateway

Central Deployment

(both interfaces into same switch)

Edge Deployment

(each interface into different switch)

Catalyst 6000/6500

Yes

Yes

Catalyst 4000/4500

Yes

Yes

Catalyst 3750/3560 (L3 switch)

Yes with 12.2(25) SEE and higher ¹

Yes

Catalyst3550 (L3 switch)

No 1

Yes

Catalyst 3750/3560 (L2 switch)

Yes

Yes

Catalyst 3550 (L2 switch)

Yes

Yes

Catalyst 2950/2960

Yes

Yes

Catalyst 2900XL

No ²

Yes

Catalyst 3500XL

Yes

Yes

28xx NME

Yes with 12.2(25) SEE and higher 1

Yes

Nexus 7000 C7010

Yes

Yes

¹Due to switch caveat CSCdu27506. See Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment for details.

²2900 XL does not support removing VLAN 1 from switch trunks.

For additional information on Virtual Gateway Central Deployment, see also Preventing Loops on Central Switch for VGW/Central Deployments.

Known Issues with Switches/WLCs

This section describes known issues when integrating Cisco NAC Appliance with the following switch models/wireless LAN controllers and deployment types:

•Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment

•Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment

•Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs) and DHCP

Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment

For Cisco Clean Access (NAC Appliance) in In-Band Central Deployment mode, when a Cisco Catalyst 3560/3750 series switch is used as a Layer 3 switch and if both ports of the Clean Access Server (CAS) are connected to the same 3560/3750 switch, the minimum switch IOS code required is Cisco IOS release 12.2(25)SEE.

Because caveat CSCdu27506 is not fixed on the Catalyst 3550 series switch, when the Catalyst 3550 is used as a Layer 3 switch, it cannot be used in NAC Appliance In-Band Central Deployment.

For further details, refer to switch IOS caveat CSCdu27506:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdu27506

See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB).

Stacked Cisco Catalyst 3750 Switches and NAC Appliance Out-of-Band Deployment

For Cisco Clean Access (NAC Appliance) customers with OOB deployments running stacked Cisco Catalyst 3750 switches with Cisco IOS 12.2(25) SEC2 or lower, SNMP mac-notifications can fail, and SNMP does not report MAC addresses to the OOB Clean Access Manager and Server.

Affected customers can resolve this issue by upgrading their stacked Cisco Catalyst 3750 switches to Cisco IOS release 12.2(25)SEE or above. For further details refer to switch IOS caveat CSCeh80716:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/release/notes/OL8113.html#wp821615

Note Catalyst 3750 Stacks are affected by caveats CSCse86236 and CSCsg31176. These caveats are resolved in IOS release 12.2(35)SE.

See Out-of-Band (OOB) Deployment Switch Support for additional details on the switches supported for OOB deployments.

Note When configuring SNMP settings on switches, never use the "@" character in the community string.

Cisco 2200/4400 Wireless LAN Controllers (Airespace WLCs) and DHCP

Due to changes in DHCP server operation with Cisco NAC Appliance release 4.0(2) and later, networks with Cisco 2200/4400 Wireless LAN Controllers (also known as Airespace WLCs) which relay requests to the Clean Access Server (operating as a DHCP server) may have issues. Client machines may be unable to obtain DHCP addresses.

If you have DHCP issues with Airespace controllers after installing/upgrading to release 4.0(2), the following will need to be done to restore DHCP functionality:

Step 1 Enable DHCP options on the CAS:

a. Go to Device Management > CCA Servers > Manage [CAS_IP] > Network > DHCP > Global Options

b. Click the Enable button (User-Specified DHCP Options).

Step 2 Create a new custom Global DHCP option with option number "54" and option type "IP-Address":

a. Click the New Option link for the Root Global Option List.

b. Type 54 in the ID field.

c. Select IP-Address from the Type dropdown menu.

d. Click the Create Custom Option button.

Step 3 Set the value of this option to the CAS eth1 IP address (or eth1 Service IP if CAS is in HA mode):

a. Type the CAS eth1 IP address in the text field.

b. Click Update.

Step 4 This should restore DHCP capability with Airespace controllers.

Note For further details on configuring DHCP options, see the "Configuring DHCP" chapter of the Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide.

Troubleshooting

This section discusses the following:

•Preventing Loops on Central Switch for VGW/Central Deployments

•OOB Switch Trunk Ports and Upgrade

•Switch OID Support

Preventing Loops on Central Switch for VGW/Central Deployments

In Virtual Gateway Central deployment, both interfaces of the CAS are connected to the same switch. Administrators must use the following procedure for correct configuration of a Virtual Gateway Central Deployment. To prevent looping on any central/core switch as you plug both interfaces of the Clean Access Server into the switch, perform the following steps:

1. Before you connect both interfaces of the CAS to the switch, SSH to the CLI of the CAS and disable the eth1 (untrusted interface) using the CLI command:
ifconfig eth1 down
2. Physically connect the eth0 and eth1 interfaces of the CAS to the network.

3. After you have added the CAS to the CAM web console, make sure to set the VLAN to be mapped under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. Also make sure you check the "Enable VLAN Mapping" checkbox and click Update.

4. For the 802.1q ports configuration on the switch, make sure to prune all other VLANs for switches trunking to eth0 and eth1 of the CAS except those used for the CAS Management VLAN and the User VLANs.

5. Prune VLAN 1 on the switch ports connecting to the CAS eth0 and eth1 interfaces. For details, see:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swvlan.html

6. Once the preceding steps are completed, SSH to the CLI of the CAS and enable eth1 on CAS using the CLI command:
ifconfig eth1 up
See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB) for additional information.

OOB Switch Trunk Ports and Upgrade

Because Cisco Clean Access can control switch trunk ports for OOB (starting from release 3.6(1) and above), please ensure the uplink ports for controlled switches are configured as "uncontrolled" ports before or after upgrade. This can be done in one of two ways:

•Before upgrading, change the Default Port Profile for the entire switch to "uncontrolled" under Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile | uncontrolled, or

•After upgrading, change the Profile to "uncontrolled" for the applicable uplink ports of the switch under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile

This will prevent unnecessary issues when the Default Port Profile for the switch has been configured as a managed/controlled port profile

If for some reason the above steps are omitted and the switch becomes disconnected, use the following procedure:

1. Delete the switch from the List of Switches in the CAM (under Switch Management > Devices > Switches > List).

2. Configure the switch using its CLI to reverse the changes made to the uplink port by the CAM (trunk native VLAN and mac-notification), for example:
(config-if)# switchport trunk native vlan xxx
(config-if)# no snmp trap mac-notification added
3. Add the switch back to the CAM (under Switch Management > Devices > Switches > New or Search), applying "uncontrolled" as the Default Port Profile.

4. Specifically assign the "uncontrolled" port Profile to the uplink port and other uncontrolled ports (under Switch Management > Devices > Switches [x.x.x.x] > Ports).

5. Reset the Default Port Profile for the switch (under Switch Management > Devices > Switches [x.x.x.x] > Config).

6. Initialize the switch ports (under Switch Management > Devices > Switches [x.x.x.x] > Ports).

Switch OID Support

Administrators can update the object IDs (OIDs) of supported switches by performing a CAM update (under Device Management > Clean Access > Updates). For example, if a new switch (such as C3750-XX-NEW) of a supported model (Catalyst 3750 series) is released, administrators only need to perform Cisco Updates on the CAM to obtain support for the switch OIDs, instead of performing a software upgrade of the CAM/CAS. The update switch OID feature only applies to existing models. If a new switch series is introduced, administrators will still need to upgrade to ensure OOB support for the new switches.

Starting from Release 4.5, administrators can also update the object IDs (OIDs) of Wireless LAN Controller platforms supported for the Wireless OOB feature by performing a CAM update.

Before opening a support case for Switch OID support

1. On the CAM go to Device Management > Clean Access > Updates. Make sure to perform an Update and verify the current version of the "Supported Out-of-Band Switch OIDs".

2. If the switch still cannot be managed from the CAM, get the OID from the switch by running the following command from the CAM:
snmpget -v 1 -c <switch_snmp_community_string> <switch_ip> 1.3.6.1.2.1.1.2.0
3. Add this OID to your support case.