Let’s assume that I have a port open in my Cisco switch for guest users and I would like to keep track of the new mac-addresses that are added or existing mac-addresses that are removed from that port.
I have a NMS (Network Management System), capable of receiving SNMP, traps that will send me an e-mail alert whenever one of the above mentioned situations happens.
For this test I did use the following IP addresses:
– Cisco switch L3 interface from where the SNMP traps will be send: Lo10, 126.96.36.199 /32
– Cisco switch L2 port where I want to track the mac-address change: Fa0/10
– NMS IP address: 172.31.82.254
– SNMP community string: Cisco
OK, this is a simple example, but it can be useful in some situation or for Cisco exam preparation.
First let’s bring the Lo10 interface UP and configure the IP address. Please keep in mind that without a L3 interface the SNMP configuration will raise an alarm and the system will not work.
interface Loopback10 ip address 188.8.131.52 255.255.255.255
Next, I’ll configure the SNMP part:
SW(config)#snmp-server host 172.31.82.254 traps Cisco SW(config)#snmp-server enable traps mac-notification
Following is the actual configuration for mac-address change notification:
SW(config-if)#snmp trap mac-notification change ? added Enable Mac Address added notification for this port removed Enable Mac Address removed notification for this port
The above lines show the possible options. You can use them both if you want to receive notification for adding and removing of the mac-address or any of these options separately. I did use both for this test.
Let’s verify if the configuration is applied correctly:
SW#show mac address-table notification change interface fa0/10 MAC Notification Feature is Disabled on the switch Interface MAC Added Trap MAC Removed Trap --------- -------------- ---------------- FastEthernet0/10 Enabled Enabled
I find this helpful if you have open ports which require special attention and for some reason you cannot use some technique like dot1x or lock them on static mac-address.