We have had Clean Access installed for 4+ years. Recently (and over several version upgrades) we have been seeing SNMP write issues with small numbers of switches. The switches are mostly Cat 3560s, with a few 2950s and 3550s. We are currently running 4.7.1.

Our most common issue is that SNMP writes (V3) to a switch will fail after working seemingly flawlessly for days, weeks, or even months. We probably lose about 2 of about 60 switches per month. Removing and adding the switch in CCA does not work, nor does stripping out and replacing the SNMP commands within the failed switch.

The only work-around we have found is modifying any part of the device profile for the appropriate group, then modifying it back to the correct parameters. This results in a functional switch and a log message that says "switch [xxx.yyy.zzz.166] is recovered from SNMP failure!" Eventually, the SNMP write errors come back, but the larger issue is that other switches in the same tweaked profile seem to be inverting their allowed VLANs and the uplink ports revert back to CCA controlled ports.

As an example of the inverted VLANs, a working switch with primary VLAN 20 (clean) and VLAN 120 (dirty) ports will have the uplink interfaces configured with "switchport trunk native vlan 20" (or sometimes 120) and "switchport trunk allowed vlan 2-19,21-4094". It should be noted that we do no pruning on these switches, but we do prune out VLAN 1 upstream.

A coworker did open a TAC call last year, and they focused on the switch configs, confirmed that our configs were OK, and never resolved the issue.

Has anybody run into this? Any thoughts?

Thanks in advance.

-Jamie

--
James Spitznagel
Senior Network Engineer
John Carroll University
[email protected]
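
A configuration check for the trunk symptom described in the message above, added here as an example and not part of the original post or of Clean Access: it parses IOS running-config text and reports trunk interfaces whose allowed-VLAN list leaves out the native VLAN or a required VLAN. The sample config is constructed around the two trunk lines quoted in the post; `expand_vlans` and `audit_trunks` are hypothetical helper names.

```python
import re

# Constructed sample config (not taken from the poster's switches). The first
# stanza uses the two trunk lines quoted in the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink (constructed)
 switchport trunk native vlan 20
 switchport trunk allowed vlan 2-19,21-4094
 switchport mode trunk
!
interface GigabitEthernet0/2
 description healthy trunk (constructed)
 switchport trunk native vlan 20
 switchport trunk allowed vlan 20,120
 switchport mode trunk
!
interface FastEthernet0/5
 switchport access vlan 120
 switchport mode access
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2-19,21-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, required_vlans):
    """Return {interface: missing VLANs} for trunks that drop a needed VLAN."""
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        name = re.match(r"interface (\S+)", block)
        # Long lists continue on 'switchport trunk allowed vlan add ...' lines.
        specs = re.findall(
            r"^ switchport trunk allowed vlan (?:add )?([\d,-]+)\s*$", block, re.M)
        if not name or not specs:
            continue  # no explicit allowed list on this interface
        allowed = set().union(*(expand_vlans(s) for s in specs))
        native = re.search(r"^ switchport trunk native vlan (\d+)", block, re.M)
        wanted = set(required_vlans) | ({int(native.group(1))} if native else set())
        missing = sorted(wanted - allowed)
        if missing:
            findings[name.group(1)] = missing
    return findings

if __name__ == "__main__":
    print(audit_trunks(SAMPLE_CONFIG, {20, 120}))
```

Run against periodic config backups, a check like this would flag an uplink as soon as its allowed list stops carrying the clean or dirty VLAN.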
