
Monitor SNMP Trap

I have configured port security on my switches. It's working fine, but I want to monitor the SNMP trap, i.e. the port violation count. Is there any tool or something which tells me that someone has violated port security on that switch?

Accepted Solution

Julio Carvajal
VIP Alumni

Hello,

When using Port Security on a Cisco switch you have 3 options, the Restricted option and of course the Shutdown option being the ones that actually do both (generate an SNMP trap and generate a log).

Note that each of these actions increments the SNMP violation counter.

You could then export syslog messages related to this topic to a syslog server or even perform SNMP walks to obtain this info.

Manually, just check show port-security, as this will show you the violation counters.

Makes sense?

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


SOcchiogrosso
Level 4

I would configure logging to a syslog server or a network monitoring server. That will give you a centralized view for these logs. Most syslog servers and/or network monitoring servers allow you to create filters so you can easily view these particular events.

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

Socchi, thanks for the reply.

I know that a syslog server has to be configured, but I will check whether the filter option is there or not. I have already configured it, but it generates all the logs regarding that device. I want only the port violation (restrict) logs.


Thanks Jcarvaja,

I have already configured it for restrict and am able to see show port-security. I want to monitor on a real-time basis: if someone violates it, it should show on the log screen.
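
An added example, not part of any reply in this thread: a filter that keeps only port-security violation messages out of the full syslog stream a switch sends, reporting the switch, port and offending MAC. It assumes the syslog server writes lines as "timestamp host ..." and that the switch emits the IOS %PORT_SECURITY-2-PSECURE_VIOLATION message; the host names, log path and sample lines are constructed.

```python
import re
import sys
from collections import Counter

# IOS message logged on a port-security violation; everything before the
# mnemonic depends on how the syslog server formats received lines.
VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*?MAC address "
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}) "
    r"on port (?P<port>[A-Za-z-]+[\d/]+)"
)
# Assumed server-side prefix: "<timestamp> <host> ..." (common rsyslog layout).
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) ")

def parse_violation(line):
    """Return dict(ts, host, mac, port) for a violation line, else None."""
    hit = VIOLATION.search(line)
    if hit is None:
        return None
    pre = PREFIX.match(line)
    return {
        "ts": pre.group("ts") if pre else None,
        "host": pre.group("host") if pre else "unknown",
        "mac": hit.group("mac").lower(),
        "port": hit.group("port"),
    }

def violations(lines):
    """Lazily yield violation events, dropping every other device message."""
    return (e for e in map(parse_violation, lines) if e)

def count_by_port(lines):
    """Tally violations per (switch, port) for a summary view."""
    return Counter((e["host"], e["port"]) for e in violations(lines))

# Constructed sample lines, not captured from a real device.
SAMPLE = [
    "Mar  1 10:15:02 sw-access-01 101: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up",
    "Mar  1 10:15:04 sw-access-01 102: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/5.",
    "Mar  1 10:16:40 sw-access-01 103: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00AA.BBCC.DDEE on port FastEthernet0/5.",
    "Mar  1 10:17:10 sw-access-02 57: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/24.",
    "Mar  1 10:17:11 sw-access-02 58: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    # Live view (hypothetical path): tail -F /var/log/switches.log | python3 psecure_watch.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for e in violations(source):
        print(f'{e["ts"]} {e["host"]} {e["port"]} violating MAC {e["mac"]}', flush=True)
```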
