HP 2910AL User Manual

Configuring for Network Management Applications

Using SNMP Tools To Manage the Switch

To enable or disable notification/traps for network security failures and other
security events, enter the

snmp-server enable traps command.

Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | login-

failure-mgr | port-security | auth-server-fail | dhcp-snooping | arp-protect]

Enables or disables sending one of the security notification
types listed below to configured trap receivers. (Unless
otherwise stated, all of the following notifications are
enabled in the default configuration.

•

arp-protect

sends a trap if ARP packets are received with an invalid

source or destination MAC address, an invalid IP address, or an invalid
IP-to-MAC binding.

•

auth-server-fail

sends a trap if the connection with a RADIUS or

TACACS+ authentication server fails.

•

dhcp-snooping

sends a trap if DHCP packets are received from an

untrusted source or if DHCP packets contain an invalid IP-to-MAC
binding.

•

link-change < port-list >

sends a trap when the link state on a port

changes from up to down, or the reverse.

•

login-failure-mgr

sends a trap for a failed login with a manager

password.

•

password-change-mgr

sends a trap when a manager password is

reset.

•

port-security

sends a trap for a failed authentication attempt through

a web, MAC, or 801.X authentication session.

•

snmp-authentication [ extended | standard ]

sends a trap for a failed

authentication attempt via SNMP. Default: extended.

To determine the specific cause of a security event, check the event log in the
console interface to see why a trap was sent. For more information, refer to
“Using the Event Log for Troubleshooting Switch Problems” on page C-26.

To display the current configuration for network security notifications, enter
the

show snmp-server traps command. Note that command output is a subset

of the information displayed with the

show snmp-server command in Figure 14­

13.

14-27