Cisco Support Community
Community Member

Monitor SNMP Trap

I have configured the port security on my switches. It's working fine, but I want to monitor the SNMP trap, i.e. the port violation count. Is there any tool or something which tells me that on that switch someone has violated the port security?

Accepted Solutions

Hello,

When using Port Security on a Cisco Switch you have 3 options, the Restricted option and of course the Shutdown option being the ones that actually do both (generate an SNMP trap and generate a log).

Note that each of these actions increments the SNMP violation counter.

You could then export syslog messages related to this topic to a syslog server or even perform SNMP walks to obtain this info.

Manually, just check show port-security, as this will show you the counters of violations.

Makes sense?

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
4 REPLIES

I would configure logging to a syslog server or a network monitoring server. That will give you a centralized view for these logs. Most syslog servers and/or network monitoring servers allow you to create filters so you can easily view these particular events.

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/
Community Member

Socchi, thanks for the reply...

That I know, a syslog server has to be configured, but whether the filter option is there or not I will check. I have already configured it, but it generates all the logs regarding that device. I want only the port violation (restrict) logs.

Community Member

Thanks, Jcarvaja.

I have already configured it for restrict and am able to see the show port-security output. I want to monitor on a real-time basis: if someone violates it, it should show in the log screen.
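
An added example, not part of the original thread: a Python filter that keeps only port-security events out of a full syslog feed, which is the filtering discussed above. The sample lines, hostnames, MAC addresses and the collector's line prefix are constructed assumptions; %PORT_SECURITY-2-PSECURE_VIOLATION and %PM-4-ERR_DISABLE are the messages IOS switches normally log for these events.

```python
import re
from collections import Counter

# Constructed sample of what a syslog collector might store (all values made up).
SAMPLE_LOG = """\
Mar  1 10:15:02 sw-access-1 45: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up
Mar  1 10:15:07 sw-access-1 46: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/5.
Mar  1 10:15:09 sw-access-1 47: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  1 10:16:30 sw-access-2 12: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/7, putting Gi0/7 in err-disable state
Mar  1 10:17:44 sw-access-1 48: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/5.
"""

# Assumed collector prefix: "<Mon DD HH:MM:SS> <hostname> ..." before the IOS message.
PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s.*?"
VIOLATION = re.compile(
    PREFIX + r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?"
    r"MAC address (?P<mac>[0-9a-fA-F.]+) on port (?P<port>\S+?)\.?$"
)
ERR_DISABLE = re.compile(
    PREFIX + r"%PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>[^\s,]+)"
)

def parse_line(line):
    """Return a dict for a port-security event, or None for any other message."""
    m = VIOLATION.search(line)
    if m:
        return {"kind": "violation", **m.groupdict()}
    m = ERR_DISABLE.search(line)
    if m:
        # The err-disable message names the port only, not the offending MAC.
        return {"kind": "err-disable", "mac": None, **m.groupdict()}
    return None

def filter_events(lines):
    """Yield only port-security events from a list of lines or a live stream."""
    for line in lines:
        event = parse_line(line.rstrip("\n"))
        if event:
            yield event

def violations_per_port(events):
    """Count events per (switch, port) so repeat offenders stand out."""
    return Counter((e["host"], e["port"]) for e in events)

if __name__ == "__main__":
    events = list(filter_events(SAMPLE_LOG.splitlines()))
    for e in events:
        print(e["ts"], e["host"], e["kind"], e["port"], e["mac"] or "-")
    print(violations_per_port(events).most_common())
```

For a live view, pass `sys.stdin` or an open log file to `filter_events` instead of the sample text.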
