Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

SNMPv3 Link down traps are not working (2930M / JL321A)

This thread has been viewed 11 times

  • 1.  SNMPv3 Link down traps are not working (2930M / JL321A)

    Posted Mar 19, 2024 09:16 AM

    Hello. 

    I have the problem, that I need snmpv3 link down traps on a NAC appliance. 

    SNMP Link Up Traps are send well. SNMP Link Down traps are not send. The switch is just send the operational status of the port is down, but not the link down trap. 

    Switch version is:  WC.16.11.0005

    SNMP Configuration: 

    snmpv3 targetaddress "NAC" params "counteract" 10.22.31.1 filter all taglist "NAC"

    Please see log messages from NAC appliance. 

     
    Link Up Trap: 
    sw:18235:1710851371.821736:Tue Mar 19 13:29:31 2024: main::sw_send_trap_event_by_mac:14749:[]::0: mac[805d974dcde7] reporting trap [up] event
    sw:18235:1710851373.086182:Tue Mar 19 13:29:33 2024: main::sw_add_mac:9287:[DEVICE,MAC]:[keys:10.22.31.1,10.22.31.1:146,805d974dcde7]:0: Sending adm for mac[805d974dcde7] - reveived link-up trap on this port
    sw:18235:1710851373.086377:Tue Mar 19 13:29:33 2024: main::sw_send_adm_by_mac:13406:[DEVICE,MAC]:[keys:10.22.31.1,10.22.31.1:146,805d974dcde7]:0: sw [10.22.31.1] sending admission for mac[805d974dcde7]
    sw:18235:1710851373.334845:Tue Mar 19 13:29:33 2024: main::sw_send_trap_event_by_mac:14749:[DEVICE,MAC]:[keys:10.22.31.1]:0: mac[805d974dcde7] reporting trap [up] event
     
    Link down trap / operational status: 
    sw:18235:1710851404.694754:Tue Mar 19 13:30:04 2024: main::sw_purge_port_macs_hash_absent_mac:19791:[DEVICE,MAC]:[keys:10.22.31.1]:0: operatedown - mac[805d974dcde7] ipport[10.22.31.1:146] multi[1] voip[] trunk[0] operate_down[1]
    sw:18235:1710851404.695458:Tue Mar 19 13:30:04 2024: main::mac_removed_from_port_handle_mac:20874:[DEVICE,MAC]:[keys:10.22.31.1]:0: deleting mac[805d974dcde7] from ipport[10.22.31.1:146 mac_on_another_port[] operate_down[1] mac_last_update_time[1710851373] online[]
    Is there any configuration to activate same link traps for link down as link up? Or is it a bug of software?


  • 2.  RE: SNMPv3 Link down traps are not working (2930M / JL321A)

    Posted 18 days ago

    Nobody can help? :-(


    Original Message


  • 3.  RE: SNMPv3 Link down traps are not working (2930M / JL321A)

    Posted 18 days ago

    Hi

    are you sure you need link up/down traps in your NAC software? What NAC solution are you using?

    With Aruba Clearpass SNMP-based enforcement, mac-notify traps are used to track whether a client is connected or not. 

    Switch Configuration
    Global switch configuration:
    snmp-server community OnConnectRO operator
    snmp-server community OnConnectRW operator
    snmp-server host 4.3.2.1 community ClearPassOnConnect trap-level all
    snmp-server trap-source 1.2.3.4
    snmp-server enable traps mac-notify
    Interface configuration:
    snmp-server enable traps link-change 17-20
    interface 17-20 mac-notify traps learned
    interface 17-20 mac-notify traps removed
    interface 17-20 untagged vlan 812

    Would that do the job for you, too? See also "Wired Policy Enforcement Solution Guide" page 50 ff.. 

    Regards, 
    Thomas


    Original Message


  • 4.  RE: SNMPv3 Link down traps are not working (2930M / JL321A)

    Posted 16 days ago

    Thank you for your feedback. 

    I added snmp-server enable traps mac-notify, interface 17-20 mac-notify traps learned and interface 17-20 mac-notify traps removed to the affected switch. But nothing changed. The switch is just send the operational status of the port is down, but not the link down trap. 

    The NAC appliance is no clearpass appliance, it needs link down traps, not operational status. It is optional but not neccessary, but I wonder why link up traps are working and link down not. There is just a difference in the aruba switch of sending traps for link down and up. Link down is operational status of the port and not that the link is down. 




    Original Message