How to read/write port-security maximum per-vlan using SNMP on a 2960 ?

Unanswered Question
Apr 23rd, 2010
User Badges:

Hi there,


I'm trying to configure port-security using SNMP on a 2960 (12.2(52)SE).


Here is the switchport config I want:



interface FastEthernet0/x

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security maximum 2

switchport port-security maximum 1 vlan access

switchport port-security

switchport port-security violation restrict

switchport port-security mac-address xxxx.xxxx.xxxx vlan access


I've found all the required OIDs but I can't find the one for this line:

switchport port-security maximum 1 vlan access



Setting 'switchport port-security maximum 2' using cpsIfMaxSecureMacAddr  (included in the cpsIfConfigTable) was really straight forward.

By looking into the Cisco MIBs I found the cpsIfVlanMaxSecureMacAddr  (included in the cpsIfVlanTable) but it looks like it is obsolete and I cant read it.


Any help would really help me.

Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Loading.
Farrukh Haroon Thu, 04/29/2010 - 04:34
User Badges:
  • Red, 2250 points or more

Hello


Please try the following OID


cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-create
        STATUS          current

For more details please see:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PORT-SECURITY-MIB.my

Please rate if helpful.

Regards
Farrukh
inverse2009 Thu, 04/29/2010 - 08:28
User Badges:

Hi Farrukh,


thanks a lot for your answer.


I already saw and tried this OID but it looks like I do NOT have access to the cpsIfMultiVlanTable or I dont know how to access it.


I haven't been able to find out what Cisco means by a multi-vlan port. Does it apply to my setup ?


I tried to snmpwalk this table and I do not get any reply from the switch:


[pf-dev ~]# snmpwalk -v 2c -c xxxxxx  192.168.1.61 1.3.6.1.4.1.9.9.315.1.2.5

SNMPv2-SMI::enterprises.9.9.315.1.2.5 = No Such Object available on this agent at this OID

I'm thinking that maybe I could directly access the cpsIfMultiVlanMaxSecureMacAddr for the Vlan I want.

But based on the cpsIfMultiVlanTable structure, it looks like the entries are indexed by the cpsIfMultiVlanIndex

which is "The VLAN ID of an allowed VLAN for this multi-vlan port."

So I guess I need to know the cpsIfMultiVlanIndex. How does it work ? cause it does not seem to be the 'regular' VLAN id.


Last but not least: the port ifIndex has to be involved somewhere too.

Because I want to know the port-security maximum for the access Vlan for a particular port.


Any idea ?


Regis

Actions

This Discussion

Related Content