Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to read/write port-security maximum per-vlan using SNMP on a 2960 ?

Hi there,

I'm trying to configure port-security using SNMP on a 2960 (12.2(52)SE).

Here is the switchport config I want:

interface FastEthernet0/x

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security maximum 2

switchport port-security maximum 1 vlan access

switchport port-security

switchport port-security violation restrict

switchport port-security mac-address xxxx.xxxx.xxxx vlan access

I've found all the required OIDs but I can't find the one for this line:

switchport port-security maximum 1 vlan access

Setting 'switchport port-security maximum 2' using cpsIfMaxSecureMacAddr  (included in the cpsIfConfigTable) was really straight forward.

By looking into the Cisco MIBs I found the cpsIfVlanMaxSecureMacAddr  (included in the cpsIfVlanTable) but it looks like it is obsolete and I cant read it.

Any help would really help me.

Thanks

Everyone's tags (5)
2 REPLIES

Re: How to read/write port-security maximum per-vlan using SNMP

Hello


Please try the following OID

cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE
        SYNTAX          Unsigned32
        MAX-ACCESS      read-create
        STATUS          current

For more details please see:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-PORT-SECURITY-MIB.my

Please rate if helpful.

Regards
Farrukh
New Member

Re: How to read/write port-security maximum per-vlan using SNMP

Hi Farrukh,

thanks a lot for your answer.

I already saw and tried this OID but it looks like I do NOT have access to the cpsIfMultiVlanTable or I dont know how to access it.

I haven't been able to find out what Cisco means by a multi-vlan port. Does it apply to my setup ?

I tried to snmpwalk this table and I do not get any reply from the switch:

[pf-dev ~]# snmpwalk -v 2c -c xxxxxx  192.168.1.61 1.3.6.1.4.1.9.9.315.1.2.5

SNMPv2-SMI::enterprises.9.9.315.1.2.5 = No Such Object available on this agent at this OID

I'm thinking that maybe I could directly access the cpsIfMultiVlanMaxSecureMacAddr for the Vlan I want.

But based on the cpsIfMultiVlanTable structure, it looks like the entries are indexed by the cpsIfMultiVlanIndex

which is "The VLAN ID of an allowed VLAN for this multi-vlan port."

So I guess I need to know the cpsIfMultiVlanIndex. How does it work ? cause it does not seem to be the 'regular' VLAN id.

Last but not least: the port ifIndex has to be involved somewhere too.

Because I want to know the port-security maximum for the access Vlan for a particular port.

Any idea ?

Regis

1619
Views
2
Helpful
2
Replies