We are running NAC 4.1.2.1 on both server/manager and agent in L3 OOB. We have our switchports (Catalyst 6500s) configured with port security to limit the allowable number of MAC addresses to 2, and up until recently have had NAC configured with linkup/linkdown traps. Everything worked fine. We are looking into running IPT and have enabled MAC notifications on both the switches and NAC. Now VLAN flipping doesn't work. TAC states that NAC and port security are not compatible? I know in the NAC GUI that you cannot enable port security if using MAC notification, but thought that was just a NAC thing.
Does anyone know if TAC's statement is correct? If so, is there any way to limit the number of MACs permitted on a switchport to 2 while still running MAC notification on NAC for the purposes of IPT? Any info will be greatly appreciated. - Matt
