My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.
We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
switchport access vlan 5
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky 001a.a0ff.39cc vlan access
no cdp enable
Here is the snmp-server configuration:
snmp-server community ******** RO
snmp-server community ******** RW
snmp-server enable traps port-security
snmp-server enable traps errdisable
snmp-server host 10.10.10.10 ******** port-security errdisable
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2.
Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
Has anyone else seen this sort of behavior and been able to resolve it?
Thanks in advance.
Please disregard the above. I found information in the configuration guide, page 675, for release 12.2(55) that switchport port-security violation shutdown no longer sends traps.
I am going to wager that this change was made in 12.2(53) since the configuration guide, page 672, for release 12.2(5) says switchport port-security violation shutdown sends traps.
Unfortunatly, this is also true for IOS 12.2(58) and 15.0(1), tested here on a WS-C3750X-48PF-S.
Is there any workaround for this?
Maybe somebody can code an EEM applet to bring the trap back?
Some parts of our infrastructure are still using static port-security and proactive incident management relies on this trap currently.
Thanks for your ideas.