Using NetCrunch to track Port Security status of Cisco switches.

Cisco port security is a great feature to make your network safer. Learn how to configure NetCrunch to display the status of Cisco Port Security on the switch interfaces.

About Cisco Port Security:

Port security is a traffic control feature. It lets an administrator configure individual switch ports so that only a specified number of source MAC addresses can access each port. You can read about port security in the official Cisco guide.

Configuring SNMP View to display Port Security status

After Port Security is configured on your switch, the next step is to make sure that the node where this feature is configured is correctly monitored by NetCrunch. The node needs to have SNMP enabled with proper community credentials to get the data we are interested in.

  1. Open the node status, click the menu icon located in the top right corner, and click SNMP View.

  2. Switch to Basic Info in the Interfaces category, click Options and then Edit Current View Form.

  3. After the SNMP View Editor appears, click Insert in the top menu and select Column.

  4. Select Local Lookup and click Next.

  5. Name your column in Caption - for this purpose we will use the name: Port Security

  6. Click on the blue cross icon to define the new OID, provide the Caption and enter: in the OID section. This OID represents the status of Port Security on interfaces.

  7. One last thing to do is to map values to "understandable" statuses - click on the [...] button in Display Table box.

  8. Click on the blue cross icon and provide the name (Port Security) - save and then double click on the table you just created.

  9. Add a new lookup table value by clicking on the blue cross icon. Fill in the first box with the value "2"; the second box should contain the text "Disabled".

  10. Add a second lookup table value. This time the value should be "1" and the text should be "Enabled".

  11. After configuration, your Column Properties window should look like the screen below. [Screenshot: Column Properties window]

  12. Save everything and close the SNMP View Editor window.

  13. As a result, a new Port Security column is displayed, showing the current status of Port Security on the interfaces of the switch.

Alerting about changes in Port Security status

It is also possible to receive alerts about Port Security changes. To add such an alert, we will use the same OID as before. Follow the steps below:

  1. Open the Node Settings of the switch on which you want to configure alerts
  2. Under the SNMP section, click the Custom tile
  3. In the Alerts tab, use the + Add Alert button
  4. Select and double-click New Event for SNMP Variable Value
  5. Click on <Select SNMP Variable>
  6. In the Enter OID... field, enter the OID
  7. Click the Next button
  8. Select the instance (the port number) that you want to monitor
  9. Click the OK button
  10. Next to Equals to, enter 2 (2 means Disabled, 1 means Enabled)
  11. Enter the alert description
  12. Save all settings

If you want to monitor more than one port, you should add other alerts using the steps above, and select other ports in step 8.
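The lookup table and the "Equals to 2" rule can be checked outside NetCrunch against numeric `snmpwalk -On` output. The script below is an added example, not NetCrunch or Cisco code; `BASE_OID` is a constructed placeholder for the OID entered in the SNMP View Editor, and the walk output, port numbers and function names are constructed. It goes one step beyond the alert above by also flagging ports that return no data or an unmapped value.

```python
import re

# Constructed placeholder, NOT the real port security OID: substitute the OID
# you entered in the SNMP View Editor.
BASE_OID = ".1.3.6.1.4.1.99999.1.1"

# Same mapping as the Display Table configured in the SNMP view.
LOOKUP = {1: "Enabled", 2: "Disabled"}

# Constructed sample of numeric snmpwalk output (instance = port number).
# The last row belongs to a sibling column (...1.10) and must be ignored.
SAMPLE_WALK = """\
.1.3.6.1.4.1.99999.1.1.10101 = INTEGER: 1
.1.3.6.1.4.1.99999.1.1.10102 = INTEGER: 2
.1.3.6.1.4.1.99999.1.1.10103 = INTEGER: 7
.1.3.6.1.4.1.99999.1.10.10101 = INTEGER: 2
"""

# Splits "<column OID>.<instance> = INTEGER: <value>".
LINE_RE = re.compile(r"^(\.[\d.]+)\.(\d+) = INTEGER: (-?\d+)\s*$")


def parse_walk(text, base_oid=BASE_OID):
    """Return {instance: raw value} for rows directly under base_oid."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        # Compare the whole column OID; a prefix test would also match ...1.10
        if m and m.group(1) == base_oid:
            rows[int(m.group(2))] = int(m.group(3))
    return rows


def evaluate(rows, monitored):
    """Return {port: (status text, alert?)} for each monitored port."""
    report = {}
    for port in monitored:
        if port not in rows:
            report[port] = ("No data", True)  # port missing from the walk
            continue
        value = rows[port]
        status = LOOKUP.get(value, f"Unknown ({value})")
        report[port] = (status, value != 1)   # anything but Enabled alerts
    return report


if __name__ == "__main__":
    for port, (status, alert) in evaluate(
            parse_walk(SAMPLE_WALK), [10101, 10102, 10103, 10104]).items():
        print(port, status, "ALERT" if alert else "ok")
```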
