Cisco Cisco Identity Services Engine 1.3 Guida Alla Progettazione
© 2015 思科系统公司
第
25 页
安全访问操作指南
验证接入交换机是否正在发送
SNMP 陷阱是一项可选验证,可以通过启用调试记录查看 SNMP Link 陷阱和
MAC Notification 陷阱的发送情况来进行验证。下面的输出来自启用了以下调试的 Catalyst 交换机:
• 调试 SNMP 数据包
• 调试 MAC Notification
• 调试 MAC Notification
在下面的示例中,启用连接至思科
IP 电话的交换端口和连接至该电话的 Windows 7 PC 时,系统会为该电话
和
PC 将 SNMP LinkUp 陷阱发送至 ISE PSN,然后会为二者发送 MAC Notification 陷阱。仅突出显示与 MAC
地址为
00:50:56:A0:0B:3A 的 PC 相关的陷阱:
Apr 26 16:53:06.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Apr 26 16:53:06.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan13, changed state to up
Apr 26 16:53:06.743: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:06.743: SNMP: V2 Trap, reqid 296, errstat 0, erridx 0
sysUpTime.0 = 58970958
snmpTrapOID.0 = snmpTraps.4
ifIndex.10 = 10
ifDescr.10 = Vlan10
ifType.10 = 53
lifEntry.20.10 = up
Apr 26 16:53:06.861: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:06.861: SNMP: V2 Trap, reqid 299, errstat 0, erridx 0
sysUpTime.0 = 58970970
snmpTrapOID.0 = snmpTraps.4
ifIndex.13 = 13
ifDescr.13 = Vlan13
ifType.13 = 53
lifEntry.20.13 = up
Apr 26 16:53:06.995: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:07.246: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:08.706: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
Apr 26 16:53:09.713: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed
state to up
Apr 26 16:53:09.713: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:09.713: SNMP: V2 Trap, reqid 302, errstat 0, erridx 0
sysUpTime.0 = 58971255
snmpTrapOID.0 = snmpTraps.4
ifIndex.10101 = 10101
ifDescr.10101 = GigabitEthernet1/0/1
ifType.10101 = 6
lifEntry.20.10101 = up
Apr 26 16:53:09.964: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:12.280: MN: Enqueue MAC 0050.56a0.0b3a on port 1 vlan 10
MN: New Shadow entry..
Apr 26 16:53:12.280: MN : MAC Notify event for 0050.56a0.0b3a on port 1 vlan 10
Apr 26 16:53:12.456: MN: Enqueue MAC 0030.94c4.528a on port 1 vlan 10
MN: Got the last shadow entry..Index 11
Apr 26 16:53:12.456: MN : MAC Notify event for 0030.94c4.528a on port 1 vlan 10
MN: Shadow entry for Despatch..
Despatching trap for Index 2 Time: 58971575
MN: Wrapping history queue..
Apr 26 16:53:12.925: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:12.925: SNMP: V2 Trap, reqid 305, errstat 0, erridx 0
sysUpTime.0 = 58971577
snmpTrapOID.0 = cmnMacChangedNotification
cmnHistMacChangedMsg.1 =
01 00 0A 00 50 56 A0 0B 3A 00 01 01 00 0A 00 30
94 C4 52 8A 00 01 00
cmnHistTimestamp.1 = 58971575
Apr 26 16:53:13.177: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:06.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan13, changed state to up
Apr 26 16:53:06.743: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:06.743: SNMP: V2 Trap, reqid 296, errstat 0, erridx 0
sysUpTime.0 = 58970958
snmpTrapOID.0 = snmpTraps.4
ifIndex.10 = 10
ifDescr.10 = Vlan10
ifType.10 = 53
lifEntry.20.10 = up
Apr 26 16:53:06.861: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:06.861: SNMP: V2 Trap, reqid 299, errstat 0, erridx 0
sysUpTime.0 = 58970970
snmpTrapOID.0 = snmpTraps.4
ifIndex.13 = 13
ifDescr.13 = Vlan13
ifType.13 = 53
lifEntry.20.13 = up
Apr 26 16:53:06.995: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:07.246: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:08.706: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
Apr 26 16:53:09.713: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed
state to up
Apr 26 16:53:09.713: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:09.713: SNMP: V2 Trap, reqid 302, errstat 0, erridx 0
sysUpTime.0 = 58971255
snmpTrapOID.0 = snmpTraps.4
ifIndex.10101 = 10101
ifDescr.10101 = GigabitEthernet1/0/1
ifType.10101 = 6
lifEntry.20.10101 = up
Apr 26 16:53:09.964: SNMP: Packet sent via UDP to 10.1.100.5
Apr 26 16:53:12.280: MN: Enqueue MAC 0050.56a0.0b3a on port 1 vlan 10
MN: New Shadow entry..
Apr 26 16:53:12.280: MN : MAC Notify event for 0050.56a0.0b3a on port 1 vlan 10
Apr 26 16:53:12.456: MN: Enqueue MAC 0030.94c4.528a on port 1 vlan 10
MN: Got the last shadow entry..Index 11
Apr 26 16:53:12.456: MN : MAC Notify event for 0030.94c4.528a on port 1 vlan 10
MN: Shadow entry for Despatch..
Despatching trap for Index 2 Time: 58971575
MN: Wrapping history queue..
Apr 26 16:53:12.925: SNMP: Queuing packet to 10.1.100.5
Apr 26 16:53:12.925: SNMP: V2 Trap, reqid 305, errstat 0, erridx 0
sysUpTime.0 = 58971577
snmpTrapOID.0 = cmnMacChangedNotification
cmnHistMacChangedMsg.1 =
01 00 0A 00 50 56 A0 0B 3A 00 01 01 00 0A 00 30
94 C4 52 8A 00 01 00
cmnHistTimestamp.1 = 58971575
Apr 26 16:53:13.177: SNMP: Packet sent via UDP to 10.1.100.5