How to read/write port-security maximum per-vlan using SNMP on a 2960 ?

Unanswered Question
Apr 23rd, 2010

Hi there,

I'm trying to configure port-security using SNMP on a 2960 (12.2(52)SE).

Here is the switchport config I want:

interface FastEthernet0/x

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security maximum 2

switchport port-security maximum 1 vlan access

switchport port-security

switchport port-security violation restrict

switchport port-security mac-address xxxx.xxxx.xxxx vlan access

I've found all the required OIDs but I can't find the one for this line:

switchport port-security maximum 1 vlan access

Setting 'switchport port-security maximum 2' using cpsIfMaxSecureMacAddr  (included in the cpsIfConfigTable) was really straight forward.

By looking into the Cisco MIBs I found the cpsIfVlanMaxSecureMacAddr  (included in the cpsIfVlanTable) but it looks like it is obsolete and I cant read it.

Any help would really help me.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 2 (1 ratings)
Farrukh Haroon Thu, 04/29/2010 - 04:34

Hello


Please try the following OID

cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-create
        STATUS          current

For more details please see:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PORT-SECURITY-MIB.my

Please rate if helpful.

Regards
Farrukh
inverse2009 Thu, 04/29/2010 - 08:28

Hi Farrukh,

thanks a lot for your answer.

I already saw and tried this OID but it looks like I do NOT have access to the cpsIfMultiVlanTable or I dont know how to access it.

I haven't been able to find out what Cisco means by a multi-vlan port. Does it apply to my setup ?

I tried to snmpwalk this table and I do not get any reply from the switch:

[pf-dev ~]# snmpwalk -v 2c -c xxxxxx  192.168.1.61 1.3.6.1.4.1.9.9.315.1.2.5

SNMPv2-SMI::enterprises.9.9.315.1.2.5 = No Such Object available on this agent at this OID

I'm thinking that maybe I could directly access the cpsIfMultiVlanMaxSecureMacAddr for the Vlan I want.

But based on the cpsIfMultiVlanTable structure, it looks like the entries are indexed by the cpsIfMultiVlanIndex

which is "The VLAN ID of an allowed VLAN for this multi-vlan port."

So I guess I need to know the cpsIfMultiVlanIndex. How does it work ? cause it does not seem to be the 'regular' VLAN id.

Last but not least: the port ifIndex has to be involved somewhere too.

Because I want to know the port-security maximum for the access Vlan for a particular port.

Any idea ?

Regis

Actions

Login or Register to take actions

This Discussion

Posted April 23, 2010 at 2:06 PM
Stats:
Replies:2 Avg. Rating:2
Views:1537 Votes:0
Shares:0

Related Content

Discussions Leaderboard