Is there no violation command for port-security on the 1238? If not, is there an SNMP trap or a syslog event that we can monitor that informs us of a port that exceeds the maximum number of addresses?
Thanks,
Sean
Sean:
Thank you for posting this question in the Support Community. The switchport port-security violation <protect | restrict | shutdown> commands do not exist in the NetVanta 1234 and 1238 because the physical hardware chipset does not support the optional functionality. By default the only option supported is switchport port-security violation protect.
Therefore, when a violation occurs the unit determines that the unit will not learn any new secure addresses (nor allow these new sources to pass traffic) until the number of currently active secure addresses drops below the maximum setting. The interface follows port-security rules, but does not notify the user if a port-security violation is encountered through an event message or an SNMP trap.
Let me know if you have any further questions about this topic.
Levi
Levi, just as a follow-up to this. There is no way to tell if a port is in protected mode other than doing a "show port-security" command and seeing the number of current addresses saved on the port and relating that to what we had set as our maximum?
Are there any plans to add an event message regarding port-security?
Thanks,
Sean
Sean:
You are correct. Unfortunately, the NetVanta 1234 and 1238 do not provide the user an easy way to view which ports are in the port-security protected violation mode. The method you described above is the best way to achieve this.
Currently, there are no plans to implement event messages for when a port transitions into a port-security protected violation mode on the NetVanta 1234 and 1238.
Levi