How to configure sticky MAC via SNMP?

Steven_zhang | Created at: Dec 11, 2019 14:30:43 | Updated at: Dec 11, 2019 14:30:53

[Enhancement] Support sticky mac (SNMP/MIB) on ECS4100 series

Supported versions: ECS4100 series, Version V1.2.30.183 and above.

 

[SNMPSET command format]

snmpset -v 2c -c private {switch ip} { portSecPortStatus | portSecAction | portSecMaxMacCount | portSecStickyMacStatus }.{ portSecPortIndex } {integer} {value}

 

snmpset -v 2c -c private {switch ip} { networkAccessAging }.0 {integer} {value}

 

For portSecPortStatus, OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2 to enabled(1) to enable port security.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2 to disabled(2) to disable port security.

 

For portSecAction, OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3

 The action taken when an intrusion (port security violation) is detected on the port.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3 to none(1): no action is performed.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3 to trap(2): a swPortSecurityTrap trap is sent.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3 to shutdown(3): the port is shut down.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3 to trapAndShutdown(4): a swPortSecurityTrap trap is sent and the port is shut down.

 

For portSecMaxMacCount, OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.4

 The maximum number of MAC addresses that will be learned and locked.

 The value is the number of MAC addresses. (Range: 0-1024)

 

For portSecStickyMacStatus, OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8 to enabled(1) to start the sticky MAC feature, which prevents dynamic secure MAC addresses from moving to another port.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8 to disabled(2) to stop sticky MAC feature.

 

For portSecPortIndex: The port interface of the portTable.

 The ifIndex value of the port or trunk.

 

For networkAccessAging, OID 1.3.6.1.4.1.259.10.1.46.1.17.13.5.0

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.13.5.0 to enabled(1) to enable MAC address aging feature.

 Set OID 1.3.6.1.4.1.259.10.1.46.1.17.13.5.0 to disabled(2) to disable MAC address aging feature.

 

Example:

(1) Enable Port Security function on interface ethernet 1/2.

snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2.2 integer 1

(2) Configure the action to "shutdown" port on interface ethernet 1/2 when Port Security is violated.

snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3.2 integer 3

(3) Configure Port Security port maximum MAC address count to "10" on interface ethernet 1/2.

snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.4.2 integer 10

(4) Enable sticky MAC feature on interface ethernet 1/2.

snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8.2 integer 1

(5) Enable MAC address aging feature globally.

snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.46.1.17.13.5.0 integer 1

Result:

Console#show running-config interface ethernet 1/2
interface ethernet 1/2
 port security max-mac-count 10
 port security
 port security action shutdown
 port security mac-address sticky
!
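
To check the result over SNMP on every port rather than one running-config at a time, the sketch below audits the four per-port columns documented above. It is an added example, not Edgecore's code. The baseline it enforces (port security on, action shutdown or trapAndShutdown, max MAC count no higher than 10, sticky MAC on) is an assumption taken from the example values on this page, and the walk output is constructed sample data in the format net-snmp's `snmpwalk -On` prints for 1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.

```shell
#!/bin/sh
# Added example: audit the port-security table from `snmpwalk -On` output.
# Columns follow the OIDs on this page: .2 status, .3 action, .4 max MAC count, .8 sticky.
BASE='.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1'

# Constructed sample walk (not captured from a real switch).
sample_walk() {
cat <<'EOF'
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2.1 = INTEGER: 2
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2.2 = INTEGER: 1
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.2.3 = INTEGER: enabled(1)
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3.1 = INTEGER: 1
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3.2 = INTEGER: 3
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.3.3 = INTEGER: 2
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.4.1 = INTEGER: 0
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.4.2 = INTEGER: 10
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.4.3 = INTEGER: 64
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8.1 = INTEGER: 2
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8.2 = INTEGER: 1
.1.3.6.1.4.1.259.10.1.46.1.17.2.1.1.8.3 = INTEGER: 2
EOF
}

# Reads walk output on stdin; $1 = highest acceptable max MAC count (assumed baseline: 10).
audit_portsec() {
  awk -v base="$BASE" -v limit="${1:-10}" '
    index($1, base ".") == 1 && $3 == "INTEGER:" {
      n = split(substr($1, length(base) + 2), p, ".")   # "<column>.<ifIndex>"
      if (n != 2) next
      val = $4                                           # "1" or "enabled(1)"
      if (match(val, /\([0-9]+\)/)) val = substr(val, RSTART + 1, RLENGTH - 2)
      v[p[2], p[1]] = val + 0; seen[p[2]] = 1
    }
    END {
      for (i in seen) {
        msg = ""
        if (v[i, 2] != 1) msg = " port-security-off"
        else {
          if (v[i, 3] != 3 && v[i, 3] != 4) msg = msg " no-shutdown-action"
          if (v[i, 4] > limit + 0) msg = msg " max-mac>" limit
          if (v[i, 8] != 1) msg = msg " sticky-off"
        }
        if (msg != "") print "ifIndex " i ":" msg
      }
    }' | sort -k2,2n
}

sample_walk | audit_portsec 10
```

Against a live switch, replace `sample_walk` with a real `snmpwalk -On` of the same table; ports that meet the baseline produce no output.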