Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
0
Helpful
4
Replies

MAC deteced/tracking

Niklas.D
Level 1
Level 1

‎11-01-2021 03:06 AM

Hi

 

So i hade a issue that i hade a loop in the network. 

This ended effecting my remote sites that OSPF got knocked out as the ISP have a loop protection and noticed that one mac was in the WAN on 2 diffrent ports. 

 

Well i would like not to go to my ISP to notices this configs errors. 

Is there away to track This kinda Problem.

Track and notify if a MAC appears on with a dual entery on ports? 

 

 

maybe with SNMP sending to my survaillance system? 

anyone got any good experiance with this  

  

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎11-01-2021 10:28 AM

Not sure what is the device here ? provide device and what IOS code running here ?

 

if this is switch you can use port-security.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Niklas.D
Level 1
Level 1
In response to balaji.bandi

‎11-02-2021 12:12 AM

Hi BB

 

Thank you for the reply! 

 

Ofc: 

Software (cat4500e-UNIVERSALK9-M), Version 03.11.03a.E RELEASE SOFTWARE (fc1)

 

So i dont want to lock a MAC to a port, but i want to track it ex. 

 

If i see mac Address xxxx.yyyy.zzzz on te1/1 and te1/2 that would be a problem  

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Niklas.D

‎11-02-2021 01:21 AM

adding to another post, you would like to have active alerts you need to set up SYSLOG or SNMP trap to get information.

based on the information you can generate an email alert.

 

You can add Global config and port config as below :

 

GLOBAL

 

mac address-table notification change interval 10
mac address-table notification change history-size 500
mac address-table notification change
mac address-table notification threshold
mac address-table notification mac-move

snmp-server host  10.10.10.10  traps user mac-notification

 

INTERFACE config (which was provided already by Paul)

 

snmp trap mac-notification change added
snmp trap mac-notification change removed

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎11-02-2021 12:55 AM - edited ‎11-02-2021 12:56 AM

Hello

Depending on the IOS, there used to be a feature so a trap could be created as when a mac adddres of an inerface was removed or added.

 

int x/x
snmp trap mac-notification added
snmp trap mac-notification change removed

exit

sh mac-address table notification interface x/x


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card