- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Set PortSecurity with SNMP on A5120-48G SI
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2013 06:26 AM
11-19-2013 06:26 AM
Set PortSecurity with SNMP on A5120-48G SI
Hi,
I am trying to automate the configuration of a A5120 Switch script-based. Among several ways of getting the configuration done, such as via Telnet or (T)FTP, I personally believe that SNMP is the way to go. Anyway, I am currently facing problems when I try to assign Mac-Addresses to specific Switch-Ports via SNMP. The goal is to preset MAC-Addresses to Switch-Ports which are then supposed to be exclusively allowed to operate on that specific port.
In the MIB package I already found some promising OIDs:
.1.3.6.1.4.1.25506.2.26.1.2.2
hh3cSecureAddressTable OBJECT-TYPE
-- FROM HH3C-PORT-SECURITY-MIB
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "This table stores the MAC addresses assigned to each
port. This table can be written to by the agent as well as the
management station."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) 2 }
.1.3.6.1.4.1.25506.2.26.1.2.2.1
hh3cSecureAddressEntry OBJECT-TYPE
-- FROM HH3C-PORT-SECURITY-MIB
MAX-ACCESS not-accessible
STATUS current
INDEX { ifIndex, hh3cSecureAddrMAC, hh3cSecureAddrVlanID }
DESCRIPTION "This table allows multiple addresses to be assigned to each
secure port. It is indexed using the objects ifIndex,
hh3cSecureAddrMAC and hh3cSecureVlanID."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) 1 }
.1.3.6.1.4.1.25506.2.26.1.2.2.1.1
hh3cSecureAddrMAC OBJECT-TYPE
-- FROM HH3C-PORT-SECURITY-MIB
-- TEXTUAL CONVENTION MacAddress
SYNTAX OCTET STRING (6)
DISPLAY-HINT "1x:"
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION "The MAC address of a station assigned to this port.
This is the second index into the hh3cSecureAddressTable."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) hh3c(25506) hh3cCommon(2) hh3cPortSecurity(26) hh3cPortSecurityMIB(1) hh3cPortSecurityTables(2) hh3cSecureAddressTable(2) hh3cSecureAddressEntry(1) 1 }
In short, there is a SecureAddressTable, which contains SecureAddressEntries. I tried to create SecureAddrMAC-Object with snmpset but all I get is the following:
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Interesting is, that the hh3cSecureAddrMAC Object says "accessible-for-notify" in MAX-ACCESS (see above). Maybe this means the object may only be used together with SNMP-traps, but I am not sure. On the other hand I can't imagine that some basic feature like port security can't be configured by SNMP. Please post your thoughts if you may have any idea how to fix this.
Thanks in advance!
- Tags:
- snmp