KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

201

202

203

204

205

206

207

208

209

210

Enables or disables sending one of the security notification types listed below to configured trap

receivers. (Unless otherwise stated, all of the following notifications are enabled in the default

configuration.)

The notification sends a trap:

If ARP packets are received with an invalid source or destination

MAC address, an invalid IP address, or an invalid IP-to-MAC

binding.

arp-protect

If the connection with a RADIUS or TACACS+ authentication server

fails.

auth-server-fail

If DHCP packets are received from an untrusted source or if DHCP

packets contain an invalid IP-to-MAC binding.

dhcp-snooping

If the switch is out of hardware resources needed to program a

dynamic IP lockdown rule

dyn-ip-lockdown

When the link state on a port changes from up to down, or the

reverse.

link-change <port-list>

For a failed login with a manager password.login-failure-mgr

When a manager password is reset.password-change-mgr

Globally enables the generation of SNMP trap notifications upon

MAC address table changes.

mac-notify

For a failed authentication attempt through a web, MAC, or 801.X

authentication session.

port-security

When changes to the running configuration file are made.running-config-change

For a failed authentication attempt via SNMP.snmp-authentication [ extended |

standard ]

(Default: extended.)

Sends a trap when changes to the startup configuration file are

made.(Default: Disabled.)

Startup-config-change

To determine the specific cause of a security event, check the Event Log in the console interface to

see why a trap was sent.

Viewing the current configuration for network security notifications

Syntax

show snmp-server traps

The command output is a subset of the information displayed with the show snmp-server

command in Figure 101 (page 212).

206 Configuring for Network Management Applications