Using snmp traps to detect broadcast storms

I need some help with using SNMP traps to generate alerts for broadcast storms. Most of the switches in our network have levels set for broadcast storms. We'd like to be able to generate SNMP traps to send to our network management software to alert us of when they occur.

If I'm only enabling certain traps to be sent, which keyword would I use to allow storm-control traps?

How would I recognize the storm-control traps on the network management software? What kind of test would I use?

Thanks!

Reply to
pfisterfarm
Loading thread data ...

Are there frequent broadcast storms in your network ?

If so are the causes known ?

Reply to
Merv

try

int storm-control broadcast level storm-control action trap

Reply to
Merv

Well... like I said in the original post, most ports in the network have storm-control levels already set. I'm only enabling certain traps going to the network management software, i.e. I've currently got a line in the configs that looks like:

snmp-server host snmp

to allow only basic snmp traps to be sent. My questions were: what keyword do I need to add to this to allow storm-control traps to be sent? Is it storm-control?

Also, how would I recognize the traps on the NMS side?

And the answer to the other question above was broadcast storms do happen on occasion. I know that on at least one occasion before I got here, someone had plugged a switch into itself. And I think it's possible broadcast storms are being triggered by mistake. A lot of ports have the unicast levels set at 5k pps. I've just seen an instance where a large download seems to have reached that and the action on the port was shutdown, so the port got put into err-disabled mode.

Thanks!

Reply to
pfisterfarm

Well, it sure caused broadcast storm, but trying to configure SNMP traps to be alerted about it is entirely missing the problem. It looks like what you have is misconfigured STP (or not configured at all).

Regards, Andrey.

Reply to
Andrey Tarasov

I'm not sure I understand why you say this. Are you saying broadcast storms shouldn't exist, or I shouldn't want to be alerted to them? I mean in general, not just in the case I mentioned above.

Thanks!

Reply to
pfisterfarm

I do not see an "snmp-server enable traps storm-control" command

The only commands related to storm-control were the ones already posted

int storm-control broadcast level storm-control action trap

There are these snmp-server trap commands for port security

snmp-server enable traps port-security

snmp-server enable traps port-security trap-rate 1

Not sure if storm-control would fall under port-security ???

Reply to
Merv

My experience is limited, so I'm yet to find network where broadcast storms would be caused by something else than STP configuration. Since you mentioned case with switch plugged into itself causing broadcast storm, your network is not exception. Fix STP and you wouldn't need to worry about broadcast storm alerts.

Regards, Andrey.

Reply to
Andrey Tarasov

Broadcast storms can occur for a variety of reasons. I recall a client who had a flat network and a device that was continually ARP ing thru the entire network 10 address space.

One wants to follow best practices to avoid unnecessary issues and the typical network outages associated with them

It is not a bad idea to be alerted if something untoward is occurring in your network.

I do agree with Andrey that any known issues should be eliminated as quickly as possible

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.