Cisco Port-Security Alerts / Events

jkloza

Hey all,

I'm fairly new to the solarwinds software suite, and am looking for some information specific to my environment.  We currently run port security, and i'm looking for a way to be able to trigger an alert off of a port-security violation.  There's not much information about this on the solarwinds / thwack site, so i'm wondering if anyone out there has experience doing this.

Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is, do I have to be monitoring every switchport to see a port-sec event happen.  I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap sent for the port-security violation, I'm just not sure what's happening to the information that is being sent to the solarwinds server.  Do I have to have licensing for every switchport to see this even triggered, or is the fact that my SNMP client is forwarding the message to the solarwinds server enough?

The universal device poller that I setup for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT_SECURITY-MIB:cpsIfPortSecurityStatus, so i'm pretty confident that i've got the right data.  I'm just looking for a way to see these events happen without having to monitor every single switchport on my networks...

Any help is always appreciated.

Thanks -

Jonathan Kloza

rhugh

If the trap you are seeing is what you want, and you can set it on the Solarwinds server, then you can set up your alert on the trap viewer, i.e., start the trap viewer application, and set up an alert from there.  I'm sure there is plenty of information out there that will show you how to set up the alert, but if you need it, I'm sure we can come up with something.  But you don't need to monitor every switchport; you just need to monitor the device, and have it send the trap to the Solarwinds server.