Cisco 2960 et traps snmp port-security

Cisco 2960 et traps snmp port-security - Réseaux - Systèmes & Réseaux Pro

Marsh Posté le 21-09-2010 à 17:53:56    

Bonjour à tous,
 
je souhaite qu'un 2960 me notifie par un trap snmp lorsque qu'il y'a une violation de securité sur un port en port-security sticky.
J'ai activé le snmp-server:

Citation :

snmp-server community public RO
snmp-server trap-source Vlan1
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps cluster
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps energywise
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps power-ethernet group 1-4
snmp-server enable traps power-ethernet police
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps stackwise
snmp-server enable traps errdisable
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server host 172.25.250.16 public  


 
et je m'attendais à voir la notification cpsSecureMacAddrViolation de CISCO-PORT-SECURITY-MIB décrite comme:

Citation :

cpsInterfaceNotifs
        OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBNotifs 0 }
cpsSecureMacAddrViolation NOTIFICATION-TYPE
        OBJECTS  { ifIndex, ifName, cpsIfSecureLastMacAddress }
        STATUS  current
        DESCRIPTION            "The address violation notification is generated
             when port security address violation is detected
             on a secure non-trunk, access interface (that carries
      a single vlan) and the cpsIfViolationAction is set to
      'dropNotify'.
"
        ::= { cpsInterfaceNotifs 1 }


 
au lieu de cela, quand je force un psecure_violation, je ne vois que les traps qui correspondent à la MIB CISCO-SYSLOG-MIB il me semble (les 41.1) :

Citation :

2010-09-21 17:19:07 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 SNMPv2-MIB::snmpTraps Warm Start Trap (0) Uptime: 8 days, 3:03:15.88
 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (70219588) 8 days, 3:03:15.88
2010-09-21 17:19:08 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 CISCO-SMI::ciscoMgmt.41.2 Enterprise Specific Trap (1) Uptime: 8 days, 3:04:04.52
 CISCO-SMI::ciscoMgmt.41.1.2.3.1.2.73 = STRING: "LINK" CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.73 = INTEGER: 4 CISCO-SMI::ciscoMgmt.41.1.2.3.1.4.73 = STRING: "UPDOWN" CISCO-SMI::ciscoMgmt.41.1.2.3.1.5.73 = STRING: "Interface GigabitEthernet1/0/1, changed state to up" CISCO-SMI::ciscoMgmt.41.1.2.3.1.6.73 = Timeticks: (70224452) 8 days, 3:04:04.52
2010-09-21 17:19:08 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 SNMPv2-MIB::snmpTraps Link Up Trap (0) Uptime: 8 days, 3:04:05.52
 RFC1213-MIB::ifIndex.10101 = INTEGER: 10101 RFC1213-MIB::ifDescr.10101 = STRING: "GigabitEthernet1/0/1" RFC1213-MIB::ifType.10101 = INTEGER: ethernet-csmacd(6) CISCO-SMI::local.2.1.1.20.10101 = STRING: "up"
2010-09-21 17:19:08 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 CISCO-SMI::ciscoMgmt.41.2 Enterprise Specific Trap (1) Uptime: 8 days, 3:04:06.55
 CISCO-SMI::ciscoMgmt.41.1.2.3.1.2.74 = STRING: "PM" CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.74 = INTEGER: 5 CISCO-SMI::ciscoMgmt.41.1.2.3.1.4.74 = STRING: "ERR_DISABLE" CISCO-SMI::ciscoMgmt.41.1.2.3.1.5.74 = STRING: "psecure-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state" CISCO-SMI::ciscoMgmt.41.1.2.3.1.6.74 = Timeticks: (70224654) 8 days, 3:04:06.54
2010-09-21 17:19:09 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 CISCO-SMI::ciscoMgmt.41.2 Enterprise Specific Trap (1) Uptime: 8 days, 3:04:06.56
 CISCO-SMI::ciscoMgmt.41.1.2.3.1.2.75 = STRING: "PORT_SECURITY" CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.75 = INTEGER: 3 CISCO-SMI::ciscoMgmt.41.1.2.3.1.4.75 = STRING: "PSECURE_VIOLATION" CISCO-SMI::ciscoMgmt.41.1.2.3.1.5.75 = STRING: "Security violation occurred, caused by MAC address 0003.47b6.bb4c on port GigabitEthernet1/0/1." CISCO-SMI::ciscoMgmt.41.1.2.3.1.6.75 = Timeticks: (70224655) 8 days, 3:04:06.55
2010-09-21 17:19:09 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 CISCO-SMI::ciscoMgmt.548.0.1 Enterprise Specific Trap (1) Uptime: 8 days, 3:04:06.58
 CISCO-SMI::ciscoMgmt.548.1.3.1.1.2.10101.0 = INTEGER: 9
2010-09-21 17:19:10 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 SNMPv2-MIB::snmpTraps Link Down Trap (0) Uptime: 8 days, 3:04:07.54
 RFC1213-MIB::ifIndex.10101 = INTEGER: 10101 RFC1213-MIB::ifDescr.10101 = STRING: "GigabitEthernet1/0/1" RFC1213-MIB::ifType.10101 = INTEGER: ethernet-csmacd(6) CISCO-SMI::local.2.1.1.20.10101 = STRING: "down"
2010-09-21 17:19:10 172.25.250.253(via UDP: [172.25.250.253]:60236) TRAP, SNMP v1, community public
 CISCO-SMI::ciscoMgmt.41.2 Enterprise Specific Trap (1) Uptime: 8 days, 3:04:08.54
 CISCO-SMI::ciscoMgmt.41.1.2.3.1.2.76 = STRING: "LINK" CISCO-SMI::ciscoMgmt.41.1.2.3.1.3.76 = INTEGER: 4 CISCO-SMI::ciscoMgmt.41.1.2.3.1.4.76 = STRING: "UPDOWN" CISCO-SMI::ciscoMgmt.41.1.2.3.1.5.76 = STRING: "Interface GigabitEthernet1/0/1, changed state to down" CISCO-SMI::ciscoMgmt.41.1.2.3.1.6.76 = Timeticks: (70224854) 8 days, 3:04:08.54


 
Qu'est ce que je peux bien faire de travers ?
 
merci,
Az'

Reply

Marsh Posté le 21-09-2010 à 17:53:56   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed