WS-C4006 Software, Version NmpSW: 7.6(7)

The MAC notifications are only available via SNMP traps. Using an external gateway, you could change these traps into syslog messages, however.

As for a graphical management tool, your best bet would be CiscoView which is part of CiscoWorks LAN Management Solution. It will present you a full chassis view and allow you to monitor and configure per-port as well as chassis attributes.

Can you tell me how can I make that change?

I do not have any example code to translate an SNMP trap into a syslog message.

I'm receiving this in syslog but I dont know what it actually means.

2007-06-27 17:38:39 Local7.Info x.y.z.20 community=public enterprise=1.3.6.1.4.1.9.9.215.2.1 enterprise_mib_name=cmnMacChangedNotification uptime=-1200749739 agent_ip=x.y.z.20 generic_num=6 specific_num=1 version=Ver1 var01_oid=1.3.6.1.4.1.9.9.215.1.1.8.1.2.1250 var01_value="Hex String=01 00 01 00 00 AA 6F 07 19 00 DC 01 00 01 00 50 04 65 18 4D 00 DC 00" var01_mib_name=cmnHistMacChangedMsg.1250 var01_value="Hex String=01 00 01 00 00 AA 6F 07 19 00 DC 01 00 01 00 50 04 65 18 4D 00 DC 00" var02_oid=1.3.6.1.4.1.9.9.215.1.1.8.1.3.1250 var02_value=3094217557 var02_mib_name=cmnHistTimestamp.1250 var02_value=3094217557

How can I translate these into smtg I can understand ?

This is a cmnMacChangedNotification trap from the CISCO-MAC-NOTIFICATION-MIB. It looks like this trap message is as detailed as it's going to get in this management application. But I'm not sure what management application you're using, so I can't say that for certain.

var1 is cmnHistMacChangedMsg which is the change notification message. This is an octet string in the format ... where each tuple is in the format . So, this message says that the MAC 00:00:AA:6F:07:19 was learned by this switch on the port with the dot1dBasePort value of 220. This port is in VLAN 1. The messages goes on to say that MAC 00:50:04:65:18:4D was learned on the port with the dot1dBasePort value of 220 (same port as the first MAC). The first MAC is from a Xerox device, and the second is from a 3com device.

var2 is cmnHistTimestamp of the value of sysUpTime on the device when the events mentioned in cmnHistMacChangedMsg occurred. In this case, the switch had been up for just over 51 weeks.

I'm using Kiwi syslog. Do you recommend something else ? (preferably freeware)

Is there a document that I can use to understand how you "translate" it ?

Otherwise can you help me a little bit further to understand it ?

I appreciate your help!

Thanks!

I use net-snmp (http://net-snmp.sourceforge.net), but Kiwi might be a bit easier to use. Everything you will need to translate the varbinds in this trap can be found in the CISCO-MAC-NOTIFICATION-MIB and the BRIDGE-MIB. Looks like you have the former loaded into Kiwi already. I imagine you might also have the latter loaded as well.

Just read the description for the trap in the CISCO-MAC-NOTIFICATION-MIB, then read the descriptions for the two varbind objects. The only cross referencing you will need to do for this trap is to understand the dot1dBasePort that is defined in the BRIDGE-MIB.