Cisco Support Community
Community Member

6500 SNMP Trap for New ARP Entries ?

Hi all,

Does anyone know if the 6500 is capable of sending SNMP traps or logs to a management station or itself whenever a new ARP entry occurs or a new MAC address is learned?

Customer does not want to query the 6500 periodically. Instead they require a trap or log sent to the management station. Has anyone done anything like this before?

Thanks in advance.

Cisco Employee

Re: 6500 SNMP Trap for New ARP Entries ?

Such a feature exists for CAM table entries (using the CISCO-MAC-NOTIFICATION-MIB), but not for ARP entries. You could create such a notification, though, by using the Embedded Event Manager. You could write an EEM Tcl policy which periodically checks the ARP table for changes, and sends a trap indicating a change has occurred, and even include the new entry data.

This will require you to be running 12.2(18)SXF4 (modular IOS) or 12.2(18)SXF5 (native IOS). See for more on EEM on the 6500s. Check out for some good EEM examples.

Community Member

Re: 6500 SNMP Trap for New ARP Entries ?

I'm also looking for this "Arpwatch" functionality. Wouldn't the EEM Tcl script overwhelm the router checking the ARP table for changes?

Cisco Employee

Re: 6500 SNMP Trap for New ARP Entries ?

Potentially, yes. It would depend on the size of the table, and frequency of the EEM policy. Testing out a solution in the lab would be a must. There is one tool in IOS that would help with implementing this feature. You could dump the arp table to a file on flash, then use "show archive config differences" to diff the current table to the last run table. Then iterate through the modified lines to generate traps.
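
The snapshot-and-diff step described in the last reply, as an added example that is not part of the original thread and is not an EEM policy: Python run off-box over two constructed `show ip arp` captures, reporting new, changed and removed entries. The function names and sample addresses are assumptions.

```python
import re

# One data row of IOS "show ip arp" output: Internet <ip> <age> <mac> <type> [intf]
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}|Incomplete)\s+"
    r"(?P<type>\S+)(?:\s+(?P<intf>\S+))?$"
)

def parse_arp(text):
    """Return {ip: (mac, interface)}; header and Incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m and m["mac"] != "Incomplete":
            table[m["ip"]] = (m["mac"].lower(), m["intf"] or "")
    return table

def diff_arp(previous, current):
    """Compare two snapshots. Age is never compared, so aging causes no events."""
    events = []
    for ip, (mac, intf) in sorted(current.items()):
        if ip not in previous:
            events.append(("NEW", ip, mac, intf))
        elif previous[ip][0] != mac:
            events.append(("MAC_CHANGED", ip, mac, intf))
    for ip, (mac, intf) in sorted(previous.items()):
        if ip not in current:
            events.append(("REMOVED", ip, mac, intf))
    return events

# Constructed sample snapshots (not captured from a real device).
PREVIOUS = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.1           -   0000.0c07.ac01  ARPA  Vlan10
Internet  10.1.1.20         12   0011.2233.4455  ARPA  Vlan10
Internet  10.1.1.30          3   0011.2233.aaaa  ARPA  Vlan10
"""
CURRENT = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.1           -   0000.0c07.ac01  ARPA  Vlan10
Internet  10.1.1.20         13   0011.2233.9999  ARPA  Vlan10
Internet  10.1.1.40          0   0011.2233.bbbb  ARPA  Vlan10
Internet  10.1.1.50          0   Incomplete      ARPA
"""

if __name__ == "__main__":
    for event in diff_arp(parse_arp(PREVIOUS), parse_arp(CURRENT)):
        print(*event)  # each event is what a trap or syslog line would carry
```

A `MAC_CHANGED` event for an address that should be stable, such as a gateway, is the case an Arpwatch-style monitor is usually deployed to catch.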
