I have a need to monitor MAC address changes at a Catalyst 4006.
I have enabled to track down the changes into the cam notification, but I'd like to send the changes to a syslog.
I've been messing with snmp traps but havent found the way to it.
Can you help me?
Also do you know any GUI for managing a 4006 and a 4003 ?
The MAC notifications are only available via SNMP traps. Using an external gateway, you could change these traps into syslog messages, however.
As for a graphical management tool, your best bet would be CiscoView which is part of CiscoWorks LAN Management Solution. It will present you a full chassis view and allow you to monitor and configure per-port as well as chassis attributes.
I'm receiving this in syslog but I dont know what it actually means.
2007-06-27 17:38:39 Local7.Info x.y.z.20 community=public enterprise=184.108.40.206.220.127.116.11.215.2.1 enterprise_mib_name=cmnMacChangedNotification uptime=-1200749739 agent_ip=x.y.z.20 generic_num=6 specific_num=1 version=Ver1 var01_oid=18.104.22.168.22.214.171.124.126.96.36.199.1.2.1250 var01_value="Hex String=01 00 01 00 00 AA 6F 07 19 00 DC 01 00 01 00 50 04 65 18 4D 00 DC 00" var01_mib_name=cmnHistMacChangedMsg.1250 var01_value="Hex String=01 00 01 00 00 AA 6F 07 19 00 DC 01 00 01 00 50 04 65 18 4D 00 DC 00" var02_oid=188.8.131.52.184.108.40.206.220.127.116.11.1.3.1250 var02_value=3094217557 var02_mib_name=cmnHistTimestamp.1250 var02_value=3094217557
How can I translate these into smtg I can understand ?
This is a cmnMacChangedNotification trap from the CISCO-MAC-NOTIFICATION-MIB. It looks like this trap message is as detailed as it's going to get in this management application. But I'm not sure what management application you're using, so I can't say that for certain.
var1 is cmnHistMacChangedMsg which is the change notification message. This is an octet string in the format
var2 is cmnHistTimestamp of the value of sysUpTime on the device when the events mentioned in cmnHistMacChangedMsg occurred. In this case, the switch had been up for just over 51 weeks.
I'm using Kiwi syslog. Do you recommend something else ? (preferably freeware)
Is there a document that I can use to understand how you "translate" it ?
Otherwise can you help me a little bit further to understand it ?
I appreciate your help!
I use net-snmp (http://net-snmp.sourceforge.net), but Kiwi might be a bit easier to use. Everything you will need to translate the varbinds in this trap can be found in the CISCO-MAC-NOTIFICATION-MIB and the BRIDGE-MIB. Looks like you have the former loaded into Kiwi already. I imagine you might also have the latter loaded as well.
Just read the description for the trap in the CISCO-MAC-NOTIFICATION-MIB, then read the descriptions for the two varbind objects. The only cross referencing you will need to do for this trap is to understand the dot1dBasePort that is defined in the BRIDGE-MIB.