Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SNMP-TRAPS

I am trying to get my Catalyst 3550 to send snmp-traps for vlan-membership changes. I believe I have the correct syntax in the configuration because I can change traps to config and I get the trap messages but not for vlan-membership changes. I have posted part of the config. Is there something I am missing???

snmp-server engineID local

snmp-server community phil RW

snmp-server enable traps vlan-membership

snmp-server host 192.168.11.100 phil vlan-membership

  • Network Management
16 REPLIES
Cisco Employee

Re: SNMP-TRAPS

What kind of trap are you expecting? The CISCO-VLAN-MEMBERSHIP-MIB only defines one trap, vmVmpsChange which is only sent when the VLAN membership policy server changes. Are you using VMPS on this switch?

New Member

Re: SNMP-TRAPS

I am not using VMPS.... I am trying to get the trap that would let me know whenever a vlan is changed on a switchport. I've looked at some of the other MIB's to find the right one and the description on this one sounded like the one I was looking for

Re: SNMP-TRAPS

You can enable traps for config, that will be for any configuration on the switch, and it will not give you the detail besides telling you that someone made a config change.

As Joe says, its vlan-membership is for vmps:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa1.shtml

You also see it in the mib decription for CISCO-VLAN-MEMBERSHIP-MIB

http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-VLAN-MEMBERSHIP-MIB

There are 2 other traps for vlan, which are out of the topic, but I will mention it here in case someone is interested:

vlancreate Enable SNMP VLAN created traps

vlandelete Enable SNMP VLAN deleted traps

New Member

Re: SNMP-TRAPS

So what is the correct snmp trap for when a vlan assignment is changed on a port on the switch. Basically if a switchport is changed from vlan 330 to vlan 490, I need to get an snmp trap notification so I can follow up with the change

Cisco Employee

Re: SNMP-TRAPS

I don't see such a trap. Are these VLAN changes happening because of dot1x authorizations? Is there a syslog message related to these changes?

New Member

Re: SNMP-TRAPS

It is happening because of dot1x. we run multiple vendors equipment across our network and we vlan each vendor into their own vlan. There has to be a way to be notified when a port on a switch is changed from one vlan to another

Cisco Employee

Re: SNMP-TRAPS

What version of code is this switch running? Do you see any messages in the show logging output related to this? It may be possible to turn such messages into traps if you cannot process them directly as syslog messages.

New Member

Re: SNMP-TRAPS

Current version is 12.1(19)EA1c... I am thinking that they would not have to be traps if the syslog messages are showing the information.

Cisco Employee

Re: SNMP-TRAPS

There is no NAC or PAE MIB support in this version of code, so a direct trap will not be possible.

As Lucien said, you could parse the traps from the CISCO-MAC-NOTIFICATION-MIB to see when a MAC is learned on a specific port and VLAN. For example, a cmnMacChangedNotification trap will contain a cmnHistMacChangedMsg varbind in the following format:

...

Where is either 0 (for end of list), 1 (for a MAC being learned, or 2 (for a MAC being removed). The field will contain a 16-bit VLAN number, and the field will contain a 16-bit bridge port which can be mapped back to a switch port using the dot1dBasePortIfIndex object from the BRIDGE-MIB.

So, when a user switches from the login VLAN to their final VLAN, you should see a notification indicating that the MAC was removed from the login VLAN, and one for the MAC being added to the final VLAN.

These traps can be enabled with the following commands:

mac address-table notification interval 15

snmp-server enable traps mac-notification

Then, under each port:

snmp trap mac-notification added

snmp trap mac-notification removed

386
Views
0
Helpful
16
Replies
This widget could not be displayed.