In a 2960X Stack environment the SNMP Port Security Traps would only be send, if the

security violation was detected on the master switch.

Example:

Master switch 1

port 1/0/10 detected a port security violation, the snmp trap would send

port 2/0/10 detecetd a port security violation, no snmp trap would send

If we change the Master to switch 2, then port 2/0/10 sends the traps and 1/0/10 didn't send any violation trap.

We have done the Test with software version c2960x-universalk9-mz.152-4.E1.bin and c2960x-universalk9-mz.152-5.E.bin

Has anyone a idea?

Looks like a software bug?

---

switch 1 provision ws-c2960x-48fps-l
switch 2 provision ws-c2960x-48fps-l

...

interface GigabitEthernet1/0/10
switchport access vlan 25
switchport mode access
switchport voice vlan 666
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0110
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
spanning-tree portfast edge
spanning-tree bpduguard enable

....

interface GigabitEthernet2/0/10
switchport access vlan 25
switchport mode access
switchport voice vlan 666
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0610
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
spanning-tree portfast edge
spanning-tree bpduguard enable

...

snmp-server trap-source Vlan111
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps port-security
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.47.100 version 2c blabla port-security