port-security traps - 3750

gocarroll
Level 1

My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.

We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750s will fire an errdisable trap when the port goes down, though.

Here is one of the port configurations:

interface FastEthernet1/0/45
 switchport access vlan 5
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 001a.a0ff.39cc vlan access
 duplex full
 no cdp enable
 spanning-tree portfast

Here is the snmp-server configuration:

snmp-server community ******** RO
snmp-server community ******** RW
snmp-server enable traps port-security
snmp-server enable traps errdisable
snmp-server host 10.10.10.10 ********  port-security errdisable

And here is the output of the port-security debug:

2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.

All of the 3750s are running C3750-IPBASEK9-M, Version 12.2(53) SE2.

Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.

Has anyone else seen this sort of behavior and been able to resolve it?

Thanks in advance.

3 Replies

gocarroll
Level 1

Please disregard the above. I found information in the configuration guide, page 675, for release 12.2(55) that switchport port-security violation shutdown no longer sends traps.

I am going to wager that this change was made in 12.2(53) since the configuration guide, page 672, for release 12.2(5) says switchport port-security violation shutdown sends traps.

Tobias Moritz
Level 1

Unfortunately, this is also true for IOS 12.2(58) and 15.0(1), tested here on a WS-C3750X-48PF-S.

Is there any workaround for this?

Maybe somebody can code an EEM applet to bring the trap back?

Some parts of our infrastructure are still using static port-security and proactive incident management relies on this trap currently.

Thanks for your ideas.

The switches do report the port violation in the syslog so I've been using these syslog entries to send out alerts.
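The syslog-based alerting that the last reply describes, as an added example that is not part of the thread: a small parser that picks the %PORT_SECURITY-2-PSECURE_VIOLATION message out of a syslog feed, extracts the offending MAC and port, and notes whether the matching %PM-4-ERR_DISABLE psecure-violation message was also seen for that port. The sample feed is constructed from the debug output quoted above plus one unrelated err-disable line; the Alert structure and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample feed, modelled on the switch output quoted in the thread,
# with one unrelated (link-flap) err-disable line added so filtering is visible.
SAMPLE_SYSLOG = """\
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
2522111: Oct 21 16:38:10: %PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/2, putting Gi1/0/2 in err-disable state
"""

TS = r"(?P<seq>\d+): (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d): "
VIOLATION_RE = re.compile(
    TS + r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*caused by MAC address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$"
)
ERRDISABLE_RE = re.compile(
    TS + r"%PM-4-ERR_DISABLE: (?P<cause>[\w-]+) error detected on (?P<port>\S+),"
)


@dataclass
class Alert:
    timestamp: str
    port: str          # long interface name, e.g. FastEthernet1/0/45
    mac: str           # MAC that triggered the violation
    err_disabled: bool # True if the port was also err-disabled for psecure-violation


def short_ifname(name: str) -> str:
    """FastEthernet1/0/45 -> Fa1/0/45 (the form used in %PM-4-ERR_DISABLE)."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*(\d.*)", name)
    return m.group(1) + m.group(2) if m else name


def psecure_alerts(syslog_text: str) -> list[Alert]:
    """One Alert per PSECURE_VIOLATION line; other messages are ignored."""
    errdisabled = set()
    violations = []
    for line in syslog_text.splitlines():
        m = ERRDISABLE_RE.match(line)
        if m and m.group("cause") == "psecure-violation":
            errdisabled.add(m.group("port"))
            continue
        m = VIOLATION_RE.match(line)
        if m:
            violations.append(m.groupdict())
    return [Alert(v["ts"], v["port"], v["mac"], short_ifname(v["port"]) in errdisabled)
            for v in violations]


if __name__ == "__main__":
    for alert in psecure_alerts(SAMPLE_SYSLOG):
        print(alert)
```

Feed the parsed alerts into whatever notifier the syslog collector already uses; matching on the message mnemonic rather than on free text keeps the rule stable across the IOS versions named in the thread.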
