Using NetCrunch to track Port Security status of Cisco switches.
Cisco port security is a great feature to make your network safer. Learn how to configure NetCrunch to display the status of Cisco Port Security on the switch interfaces.
About Cisco Port Security:
Port security is a traffic control feature. It enables an administrator to configure individual switch ports so that only a specified number of source MAC addresses are allowed to access the port. You can read about port security in the official Cisco guide.
Configuring SNMP View to display Port Security status
After Port Security is configured on your switch, the next step is to make sure that the node where this feature is configured is correctly monitored by NetCrunch. The node needs to have SNMP enabled with proper community credentials to get the data we are interested in.
Open the node status, click on the menu icon located in the top right corner and click on SNMP View.
Switch to Basic Info in the Interfaces category, click on Options and then Edit Current View Form.
After the SNMP View Editor appears, click on Insert in the top menu and select Column.
Select Local Lookup and hit Next.
Name your column in Caption - for this purpose we will use the name: Port Security
Click on the blue cross icon to define the new OID, provide the Caption and enter 1.3.6.1.4.1.9.9.315.1.2.1.1.1 in the OID section. This OID represents the status of Port Security on interfaces.
One last thing to do is to map values to "understandable" statuses - click on the [...] button in Display Table box.
Click on the blue cross icon and provide the name (Port Security) - save and then double click on the table you just created.
Add new lookup table value by clicking on the blue cross icon. Fill in the first box with the value "2", the second box should have "Disabled" text in it.
Add a second lookup table value - this time the value should be "1" and the text should be "Enabled".
After configuration - your Column Properties window should look like the screen below
Save everything and close the SNMP View Editor window.
As a result, a new Port Security column is displayed, showing the current status of Port Security on the interfaces of the switch.
Alerting about changes in Port Security status
It is also possible to receive alerts about Port Security changes. To add such an alert we will use the OID already used above. Please follow the steps given below:
- Open the Node Settings of the switch on which you want to configure alerts
- Under the SNMP section, click the Alerts tab and use the + Add Alert button
- Select and double-click New Event for SNMP Variable Value
- Click on <Select SNMP Variable>
- In the Enter OID... field, enter the OID 1.3.6.1.4.1.9.9.315.1.2.1.1.1
- Click the Next button
- Select the instance (the port number) that you want to monitor
- Click the OK button
- Next to Equals to, enter 2 (2 means Disabled, 1 means Enabled)
- Enter the alert description
- Save all settings
If you want to monitor more than one port, you should add other alerts using the steps above, and select other ports in step 8.
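To cross-check the lookup table and the alert outside NetCrunch, the following added example (not NetCrunch or Cisco code) parses net-snmp style walk output for the same OID, applies the 1 = Enabled / 2 = Disabled mapping, and reports ports that became Disabled between two polls. It assumes the column is cpsIfPortSecurityEnable from CISCO-PORT-SECURITY-MIB, indexed by ifIndex; the function names and sample polls are constructed for illustration.

```python
import re

# Assumption: the per-interface column is cpsIfPortSecurityEnable from
# CISCO-PORT-SECURITY-MIB; the row index is the interface's ifIndex.
PORT_SECURITY_OID = "1.3.6.1.4.1.9.9.315.1.2.1.1.1"
STATUS = {1: "Enabled", 2: "Disabled"}  # same mapping as the lookup table

# Matches net-snmp numeric output, with or without the MIB's enum label:
#   .<oid>.<ifIndex> = INTEGER: 1     or     .<oid>.<ifIndex> = INTEGER: true(1)
LINE_RE = re.compile(
    r"^\.?" + re.escape(PORT_SECURITY_OID)
    + r"\.(\d+)\s*=\s*INTEGER:\s*(?:\w+\()?(\d+)\)?\s*$"
)

def parse_walk(text):
    """Return {ifIndex: status}; values other than 1/2 become 'Unknown(n)'."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            value = int(m.group(2))
            result[int(m.group(1))] = STATUS.get(value, f"Unknown({value})")
    return result

def alerts(previous, current):
    """Ports to alert on: newly Disabled, or no longer returned by the walk."""
    found = []
    for if_index in sorted(set(previous) | set(current)):
        before, now = previous.get(if_index), current.get(if_index)
        if now == "Disabled" and before != "Disabled":
            found.append((if_index, before or "new", "Disabled"))
        elif now is None:
            found.append((if_index, before, "missing"))
    return found

# Constructed sample polls (not captured from a real switch).
POLL_1 = """\
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10101 = INTEGER: 1
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10102 = INTEGER: 1
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10103 = INTEGER: 2
"""
POLL_2 = """\
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10101 = INTEGER: true(1)
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10102 = INTEGER: false(2)
.1.3.6.1.4.1.9.9.315.1.2.1.1.1.10103 = INTEGER: 2
"""

if __name__ == "__main__":
    for if_index, before, now in alerts(parse_walk(POLL_1), parse_walk(POLL_2)):
        print(f"ifIndex {if_index}: port security {before} -> {now}")
```

Port 10103 is Disabled in both polls, so it produces no change alert; a standing "Equals to 2" check like the NetCrunch alert above is what catches ports that were never enabled.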