HPE Community
Aruba & ProVision-based
1753502 Members
4983 Online
108794 Solutions
New Discussion

how set authorized mac address by SNMPSET

 
alexbj
Occasional Contributor

‎08-07-2019 06:27 AM

‎08-07-2019 06:27 AM

how set authorized mac address by SNMPSET

Dear all,

I have a switch HP J9775A 2530-48G and I would like to set a port on security mode through SNMP.

I found this MIB for setting max mac count on port 7

1.3.6.1.4.1.11.2.14.2.10.3.1.3.1.7 i 1

and this for setting port 7 as configured mode

1.3.6.1.4.1.11.2.14.2.10.3.1.4.1.7 i 4

What must I do now in order to specifying what mac address is authorized on port 7?

I tried this command without success: 

snmpset -v2c -c public 192.168.0.34 1.3.6.1.4.1.11.2.14.2.10.4.1.4.1.0.17.34.51.68.85 x 02

MIB=> 1.3.6.1.4.1.11.2.14.2.10.4.1.4.1. 

(mac hex) 001122334455 =>  (mac dec) 0.17.34.51.68.85

02 is port ( 7 ) in octet format

Error in packet.
Reason: wrongType (The set datatype does not match the data type the agent expects)
Failed object: SNMPv2-SMI::enterprises.11.2.14.2.10.4.1.4.1.0.17.34.51.68.85

I hope you can help me.

Best regards,

Alessandro

 

 

 

0 Kudos
1 REPLY 1
drk787
HPE Pro

‎10-16-2019 11:47 PM

‎10-16-2019 11:47 PM

Re: how set authorized mac address by SNMPSET

Hi,

Try changing the  hpSecPtLearnMode  (learnFirstN or learnFirstNConditionally) and test.

Below are the MIB details.

 

Name: hpSecPtAddressLimit
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.11.2.14.2.10.3.1.3
Full Path: iso.org.dod.internet.private.enterprises.hp.nm.icf.icfHub.hubSecurity.hpSecurePortTable.hpSecurePortEntry.hpSecPtAddressLimit
Module: HP-ICF-GENERIC-RPTR
Parent: hpSecurePortEntry
Max Access: read-write
NumericalSyntax: Integer32
ComposedSyntax: Integer32
Status: current
Value Range: 1..32
Description: This object identifies the maximum number of MAC addresses learned on this port when the hpSecPtLearnMode is set to learnFirstN or learnFirstNConditionally. Changing the limit while in these modes clears any addresses for this port in the hpSecureAuthAddrTable. This limit does not apply when the learn mode is set to configureSpecific


Name: hpSecPtLearnMode
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.11.2.14.2.10.3.1.4
Full Path: iso.org.dod.internet.private.enterprises.hp.nm.icf.icfHub.hubSecurity.hpSecurePortTable.hpSecurePortEntry.hpSecPtLearnMode
Module: HP-ICF-GENERIC-RPTR
Parent: hpSecurePortEntry
Max Access: read-write
NumericalSyntax: Integer
ComposedSyntax: INTEGER
Status: current
Enum List: 1:learnLimitedContinuous(6) 2:learn8021xAuthorized(5) 3:configureSpecific(4) 4:learnFirstNConditionally(3) 5:learnFirstN(2) 6:learnContinuous(1)
Description: This object identifies the learning mode of the port. The modes are as follows: LearnContinuous. The port can learn all new MAC addresses. When a new address is learned, it is stored in a manner such that it can be retrieved from the hpSecureAuthAddrTable. Changing the mode to this value clears any existing addresses for this port in the hpSecureAuthAddrTable. learnFirstN. First N source MAC addresses heard on this port become the authorized addresses. N is configured in hpSecPtAddressLimit. Setting this value initiates learning of up to N new authorized addresses. When a new authorized address is learned, it will be stored in the hpSecureAuthAddrTable. When the table has reached its limit N for this port, any new source MAC addresses received on the port constitutes an intrusion. See hpSecPtAlarmEnable for possible responses to the intrusion. This variable will return learnFirstNConditionally to a GET operation after it has been set to this value. learnFirstNConditionally. This option will initiate learning of up to N new authorized addresses only if the previous hpSecPtLearnMode was not set to learnFirstN or learnFirstN- Conditionally. N is configured in hpSecPtAddressLimit. configureSpecific. The port will not learn any addresses. Rather, specific authorized MAC addresses for this port are explicitly configured via the hpSecureCfgAddrTable. These addresses are also stored in the hpSecureAuthAddrTable. Any source MAC address received on this port other than those configured, constitutes an intrusion. See hpSecPtAlarmEnable for possible responses. learn8021xAuthorized. The port will learn only MAC address of a client authorized by 802.1X authenticator. learnLimitedContinuous. First N source MAC addresses heard on this port become the authorized addresses. N is specified by the hpSecPtAddressLimit object. When a new authorized address is learned, it will be stored in the hpSecureAuthAddrTable. When the table has reached its limit N for this port, any new source MAC addresses received on the port constitutes an intrusion. See hpSecPtAlarmEnable for possible responses. The authorized addresses in this mode will age out of the system, therefore the list of authorized addresses can be dynamic over time.

 


Name: hpSecPtAddressLimit
Type: OBJECT-TYPE
OID: 1.3.6.1.4.1.11.2.14.2.10.3.1.3
Full Path: iso.org.dod.internet.private.enterprises.hp.nm.icf.icfHub.hubSecurity.hpSecurePortTable.hpSecurePortEntry.hpSecPtAddressLimit
Module: HP-ICF-GENERIC-RPTR
Parent: hpSecurePortEntry
Max Access: read-write
NumericalSyntax: Integer32
ComposedSyntax: Integer32
Status: current
Value Range: 1..32
Description: This object identifies the maximum number of MAC addresses learned on this port when the hpSecPtLearnMode is set to learnFirstN or learnFirstNConditionally. Changing the limit while in these modes clears any addresses for this port in the hpSecureAuthAddrTable. This limit does not apply when the learn mode is set to configureSpecific.

 

 

 

 

Thank You!
I am an HPE Employee

Accept or Kudo

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.