Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Set PortSecurity with SNMP on A5120-48G SI

sburg
Occasional Visitor

Set PortSecurity with SNMP on A5120-48G SI

Hi,

 

I am trying to automate the configuration of a A5120 Switch script-based. Among several ways of getting the configuration done, such as via Telnet or (T)FTP, I personally believe that SNMP is the way to go. Anyway, I am currently facing problems when I try to assign Mac-Addresses to specific Switch-Ports via SNMP. The goal is to preset MAC-Addresses to Switch-Ports which are then supposed to be exclusively allowed to operate on that specific port.

 

In the MIB package I already found some promising OIDs:

 

.1.3.6.1.4.1.25506.2.26.1.2.2
hh3cSecureAddressTable OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  MAX-ACCESS    not-accessible
  STATUS        current
  DESCRIPTION   "This table stores the MAC addresses assigned to each
        port.  This table can be written to by the agent as well as the
        management station."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) 2 }

.1.3.6.1.4.1.25506.2.26.1.2.2.1
hh3cSecureAddressEntry OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  MAX-ACCESS    not-accessible
  STATUS        current
  INDEX         { ifIndex, hh3cSecureAddrMAC, hh3cSecureAddrVlanID }
  DESCRIPTION   "This table allows multiple addresses to be assigned to each
        secure port.  It is indexed using the objects ifIndex,
        hh3cSecureAddrMAC and hh3cSecureVlanID."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) 1 }

.1.3.6.1.4.1.25506.2.26.1.2.2.1.1
hh3cSecureAddrMAC OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  -- TEXTUAL CONVENTION MacAddress
  SYNTAX        OCTET STRING (6)
  DISPLAY-HINT  "1x:"
  MAX-ACCESS    accessible-for-notify
  STATUS        current
  DESCRIPTION   "The MAC address of a station assigned to this port.
        This is the second index into the hh3cSecureAddressTable."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) hh3cSecureAddressEntry(1) 1 }

 

 

In short, there is a SecureAddressTable, which contains SecureAddressEntries. I tried to create SecureAddrMAC-Object with snmpset but all I get is the following:

 

Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)

 

Interesting is, that the hh3cSecureAddrMAC Object says "accessible-for-notify" in MAX-ACCESS (see above). Maybe this means the object may only be used together with SNMP-traps, but I am not sure. On the other hand I can't imagine that some basic feature like port security can't be configured by SNMP. Please post your thoughts if you may have any idea how to fix this.

 

Thanks in advance!