[AF] SNMP data needs to Obtain MAC By SNMP if cross-layer 3 MAC identification fails
Problem Description
The Obtain MAC By SNMP function is enabled on AF, but the MAC addresses of intranet users are identified as the same MAC.
Process——
-
[Authentication System] – [Authentication Options] – [Cross-Layer 3 Identification] As shown in the following figure, correctly configure the SNMP server:
351355b4ca78ab8464.png (39.27 KB) -
As shown in the following figure, the SNMP of the intranet layer 3 device is also configured correctly:
The following are the commands for enabling SNMP for Huawei and Cisco:
622055b4ca82d0d21d.png (40.14 KB) -
[Policies] – [Access Control] – [Application Control Policies] allows SNMP to pass.
157635da67f7ca81ed.png (53.7 KB)
Root cause
If application control is not enabled, the SNMP protocol data cannot communicate normally. After the application control Policies allows the SNMP protocol or all TCP/UDP protocols, communication can be normal.
solution
Application control requires the corresponding SNMP protocol data to be released
Original Link
https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=106&isOpen=true