Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2050
Views
2
Helpful
2
Replies

How to read/write port-security maximum per-vlan using SNMP on a 2960 ?

inverse2009
Level 1
Level 1

‎04-23-2010 02:06 PM - edited ‎02-21-2020 03:56 AM

Hi there,

I'm trying to configure port-security using SNMP on a 2960 (12.2(52)SE).

Here is the switchport config I want:

interface FastEthernet0/x

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security maximum 2

switchport port-security maximum 1 vlan access

switchport port-security

switchport port-security violation restrict

switchport port-security mac-address xxxx.xxxx.xxxx vlan access

I've found all the required OIDs but I can't find the one for this line:

switchport port-security maximum 1 vlan access

Setting 'switchport port-security maximum 2' using cpsIfMaxSecureMacAddr  (included in the cpsIfConfigTable) was really straight forward.

By looking into the Cisco MIBs I found the cpsIfVlanMaxSecureMacAddr  (included in the cpsIfVlanTable) but it looks like it is obsolete and I cant read it.

Any help would really help me.

Thanks

0 Helpful
2 Replies 2

Farrukh Haroon
VIP Alumni
VIP Alumni

‎04-29-2010 04:34 AM

Hello


Please try the following OID

cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-create
        STATUS          current

For more details please see:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PORT-SECURITY-MIB.my

Please rate if helpful.

Regards
Farrukh

inverse2009
Level 1
Level 1
In response to Farrukh Haroon

‎04-29-2010 08:28 AM

Hi Farrukh,

thanks a lot for your answer.

I already saw and tried this OID but it looks like I do NOT have access to the cpsIfMultiVlanTable or I dont know how to access it.

I haven't been able to find out what Cisco means by a multi-vlan port. Does it apply to my setup ?

I tried to snmpwalk this table and I do not get any reply from the switch:

[pf-dev ~]# snmpwalk -v 2c -c xxxxxx  192.168.1.61 1.3.6.1.4.1.9.9.315.1.2.5

SNMPv2-SMI::enterprises.9.9.315.1.2.5 = No Such Object available on this agent at this OID

I'm thinking that maybe I could directly access the cpsIfMultiVlanMaxSecureMacAddr for the Vlan I want.

But based on the cpsIfMultiVlanTable structure, it looks like the entries are indexed by the cpsIfMultiVlanIndex

which is "The VLAN ID of an allowed VLAN for this multi-vlan port."

So I guess I need to know the cpsIfMultiVlanIndex. How does it work ? cause it does not seem to be the 'regular' VLAN id.

Last but not least: the port ifIndex has to be involved somewhere too.

Because I want to know the port-security maximum for the access Vlan for a particular port.

Any idea ?

Regis

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card