HPE Community
IMC
1825891 Members
3122 Online
109689 Solutions
New Discussion

IMC not generating specific alarm

 
UNSFCBW01
New Member

‎12-09-2019 08:56 AM

‎12-09-2019 08:56 AM

IMC not generating specific alarm

Hello,

I would like to setup IMC so that when an unauthorised device is connected into a specific switch interfaces it generates a major alarm – we have a lot of public areas within our business.

I setup port-security with learn mode static and the action send-alarm. To test I connected another device into this interface which gets disabled and added into the intrusion log.

However, from IMC no alarm is being generated. Within IMC browse trap I can see it logging ‘hpicfIntrusionTrap’ OID 1.3.6.1.4.1.11.2.14.12.4.1 and have changed the severity to Major.

Any ideas what else I need to do? Apologies I am new to IMC and couldn’t find the answer on google.

Thank you.

0 Kudos
1 REPLY 1
jguse
HPE Pro

‎12-10-2019 02:56 AM

‎12-10-2019 02:56 AM

Re: IMC not generating specific alarm

Hello,

Generally speaking, iMC needs two things to elevate a Trap to an Alarm:

1) An definition of the Trap in the Trap Definition page. Since you see the proper trap in Trap Browse, this should be in place already.

2) The Trap added to a Trap to Alarm rule, on the page with the same name under Trap Management. You could add a new rule and include that particular trap in it. Then iMC will be configured to generate an alarm (with the trap definition's severity) once it receives it.

Keep in mind that the Trap Filtering feature includes a Duplicate Trap Filter, which will prevent a second alarm from being generated if the same trap is received within a certain time window. If you always want to receive an alarm every time this trap is received in iMC, modify the Duplicate Trap Filter, and add the trap to the "Unfiltered Duplicate Traps" list.

Hope that helps. Let me know if you need additional clarification.

Best regards,
Justin

Working @ HPE
Accept or Kudo
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.