04-23-2010 02:06 PM - edited 02-21-2020 03:56 AM
Hi there,
I'm trying to configure port-security using SNMP on a 2960 (12.2(52)SE).
Here is the switchport config I want:
interface FastEthernet0/x
switchport access vlan 10
switchport mode access
switchport voice vlan 20
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address xxxx.xxxx.xxxx vlan access
I've found all the required OIDs but I can't find the one for this line:
switchport port-security maximum 1 vlan access
Setting 'switchport port-security maximum 2' using cpsIfMaxSecureMacAddr (included in the cpsIfConfigTable) was really straight forward.
By looking into the Cisco MIBs I found the cpsIfVlanMaxSecureMacAddr (included in the cpsIfVlanTable) but it looks like it is obsolete and I cant read it.
Any help would really help me.
Thanks
04-29-2010 04:34 AM
Hello
Please try the following OID
cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
For more details please see:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PORT-SECURITY-MIB.my
Please rate if helpful.
Regards
Farrukh
04-29-2010 08:28 AM
Hi Farrukh,
thanks a lot for your answer.
I already saw and tried this OID but it looks like I do NOT have access to the cpsIfMultiVlanTable or I dont know how to access it.
I haven't been able to find out what Cisco means by a multi-vlan port. Does it apply to my setup ?
I tried to snmpwalk this table and I do not get any reply from the switch:
[pf-dev ~]# snmpwalk -v 2c -c xxxxxx 192.168.1.61 1.3.6.1.4.1.9.9.315.1.2.5
SNMPv2-SMI::enterprises.9.9.315.1.2.5 = No Such Object available on this agent at this OID
I'm thinking that maybe I could directly access the cpsIfMultiVlanMaxSecureMacAddr for the Vlan I want.
But based on the cpsIfMultiVlanTable structure, it looks like the entries are indexed by the cpsIfMultiVlanIndex
which is "The VLAN ID of an allowed VLAN for this multi-vlan port."
So I guess I need to know the cpsIfMultiVlanIndex. How does it work ? cause it does not seem to be the 'regular' VLAN id.
Last but not least: the port ifIndex has to be involved somewhere too.
Because I want to know the port-security maximum for the access Vlan for a particular port.
Any idea ?
Regis
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide