SNMP trap - Port Security Violation Shutdown - Problem stumper - Page 2

xaeniac · ‎03-24-2012

All:

Looking into a strange issue; not sure if any of you have seen this before. Basically, no snmp trap is sent for a violation of shutdown. SNMP traps with violation of restrict is sent just fine. Thought this was interesting. On a 6509 the SNMP trap of violation shutdown trap works fine, but on 3560's I can not get it to work, however 3560's violation restrict works great via SNMP. Updated the 3560 ios to the newest version as well to try to resolve.

ip access-list standard SNMP

permit 1.1.1.1

deny any

snmp-server view myview iso included

snmp-server group test1 v3 priv read myview access SNMP

snmp-server user test test1 v3 auth md5 "test" priv aes "test" access SNMP

snmp-server enable traps port-security

snmp-server trap-source lo0

snmp-server host 1.1.1.1 version 3 priv test

int fa 0/0

switchport port-security

switchport port-security mac sti

switchport port-security vio shutdown (DOES NOT WORK)

switchport port-security vio restrict (WORKS!!)

of course port is shut and no shut everytime to generate a trap

debug snmp packets reveals no packets sent for a violation of shutdown.

sh snmp (reveals no update count for sent in a violation shutdown)

xaeniac · ‎12-03-2012

Adam:
I did open a TAC Case and basically found out the IOS does not support it. Cisco forwarded it to the coding development department, but specified that there will be no promises to fix this. The wierd tidbit is that the snmp shutdown trap is sent on a Catalyst 6509. I feel this would not be hard to implement this in the code and find it odd there is no SNMP uniformity amongst the Catalyst family.