cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

How to use SNMP for analyze and trace MAC Address connectivity

603
Views
0
Helpful
0
Comments
Beginner

ccnp307

 

 

One of the best practice for sysadmins is to know which user now connected to which switches and before it that user connected to where.

its good when you wont block MAC Address to move here ports or switches but you want to know when a user move here device from one port to another port or one switch to another switch.

we can prevent  movement of users PC or LapTop or any devices from one port to another port of switch or by limiting MAC Address per port we can add new limitation layer , but as we know if we enable port security for example for one switches(All ports) and set MAX-Port to 1 MAC Address, if users connect her PC to one port that not used yet, it can connect to switch or network without any problem. but we can set our switches to store information of users MAC Address connected to which ports and removed from which port, its can be another good feature for adding another layer in term of security analyze. 

in this plan we need a SNMP Server or syslog Server to catch the logs of MAC Address they received from switches and we can in the end see users MAC Address from output of the server.

Switch configuration:

its not matter how many switch you have in your corporate, just you need to configure all of that(in fact every switch you need to get MAC Address changed log) to send MAC-Address Table change to syslog Server 

command: 

Snmp-­server host 1.1.1.1 traps private

 

and then we must enable MAC notifications to send visa SNMP Traps via this command:

 

Snmp­-server enable traps mac­-notification

 

Enable mac Address notification over switch:

Mac­-address-­table notification

 

after that we want send MAC Changes every 5min to NMS:

 

Mac­-address­-table notification interval 300

 

as you know by default cisco switches send SNMP Traps every 1 second and maximum buffer size is just for 1 MAC Address, so we need to change MAC Address buffer size to store more address and then send all of address stored in buffer to NMS. 

command:

Mac-­address­-table notification history-­size 200

 

at this point we configure general configuration of switch then in the next step we need to configure ports to send which type of MAC Address change, in fact we have two type of MAC Address type: Add/Remove 

 

int f0/1

snmp trap mac-notification added 

snmp trap mac-notification removed.

 

your task for configure switch is over and know for sure about your configuration you can view there via this command: 

 

Show mac­-address-­table notification interface f0/1

Show mac­-address­-table notification

 

 

 

 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here