HPE Community
Comware Based
1753776 Members
7505 Online
108799 Solutions
New Discussion

Set PortSecurity with SNMP on A5120-48G SI

 
sburg
Occasional Visitor

‎11-19-2013 06:26 AM

‎11-19-2013 06:26 AM

Set PortSecurity with SNMP on A5120-48G SI

Hi,

 

I am trying to automate the configuration of a A5120 Switch script-based. Among several ways of getting the configuration done, such as via Telnet or (T)FTP, I personally believe that SNMP is the way to go. Anyway, I am currently facing problems when I try to assign Mac-Addresses to specific Switch-Ports via SNMP. The goal is to preset MAC-Addresses to Switch-Ports which are then supposed to be exclusively allowed to operate on that specific port.

 

In the MIB package I already found some promising OIDs:

 

.1.3.6.1.4.1.25506.2.26.1.2.2
hh3cSecureAddressTable OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  MAX-ACCESS    not-accessible
  STATUS        current
  DESCRIPTION   "This table stores the MAC addresses assigned to each
        port.  This table can be written to by the agent as well as the
        management station."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) 2 }

.1.3.6.1.4.1.25506.2.26.1.2.2.1
hh3cSecureAddressEntry OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  MAX-ACCESS    not-accessible
  STATUS        current
  INDEX         { ifIndex, hh3cSecureAddrMAC, hh3cSecureAddrVlanID }
  DESCRIPTION   "This table allows multiple addresses to be assigned to each
        secure port.  It is indexed using the objects ifIndex,
        hh3cSecureAddrMAC and hh3cSecureVlanID."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) 1 }

.1.3.6.1.4.1.25506.2.26.1.2.2.1.1
hh3cSecureAddrMAC OBJECT-TYPE
  -- FROM       HH3C-PORT-SECURITY-MIB
  -- TEXTUAL CONVENTION MacAddress
  SYNTAX        OCTET STRING (6)
  DISPLAY-HINT  "1x:"
  MAX-ACCESS    accessible-for-notify
  STATUS        current
  DESCRIPTION   "The MAC address of a station assigned to this port.
        This is the second index into the hh3cSecureAddressTable."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) hh3cSecureAddressEntry(1) 1 }

 

 

In short, there is a SecureAddressTable, which contains SecureAddressEntries. I tried to create SecureAddrMAC-Object with snmpset but all I get is the following:

 

Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)

 

Interesting is, that the hh3cSecureAddrMAC Object says "accessible-for-notify" in MAX-ACCESS (see above). Maybe this means the object may only be used together with SNMP-traps, but I am not sure. On the other hand I can't imagine that some basic feature like port security can't be configured by SNMP. Please post your thoughts if you may have any idea how to fix this.

 

Thanks in advance!

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.