In a 2960X Stack environment the SNMP Port Security Traps would only be send, if the
security violation was detected on the master switch.
Example:
Master switch 1
port 1/0/10 detected a port security violation, the snmp trap would send
port 2/0/10 detecetd a port security violation, no snmp trap would send
If we change the Master to switch 2, then port 2/0/10 sends the traps and 1/0/10 didn't send any violation trap.
We have done the Test with software version c2960x-universalk9-mz.152-4.E1.bin and c2960x-universalk9-mz.152-5.E.bin
Has anyone a idea?
Looks like a software bug?
---
switch 1 provision ws-c2960x-48fps-l
switch 2 provision ws-c2960x-48fps-l
...
interface GigabitEthernet1/0/10
switchport access vlan 25
switchport mode access
switchport voice vlan 666
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0110
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
spanning-tree portfast edge
spanning-tree bpduguard enable
....
interface GigabitEthernet2/0/10
switchport access vlan 25
switchport mode access
switchport voice vlan 666
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0610
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
spanning-tree portfast edge
spanning-tree bpduguard enable
...
snmp-server trap-source Vlan111
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps port-security
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.47.100 version 2c blabla port-security