Using snmp traps to detect broadcast storms

Discussion in 'Cisco' started by pfisterfarm, Mar 20, 2008.

  1. pfisterfarm

    pfisterfarm Guest

    I need some help with using SNMP traps to generate alerts for
    broadcast storms. Most of the switches in our network have levels set
    for broadcast storms. We'd like to be able to generate SNMP traps to
    send to our network management software to alert us of when they
    occur.

    If I'm only enabling certain traps to be sent, which keyword would I
    use to allow storm-control traps?

    How would I recognize the storm-control traps on the network
    management software? What kind of test would I use?

    Thanks!
    pfisterfarm, Mar 20, 2008
    #1
    1. Advertising

  2. pfisterfarm

    Merv Guest

    On Mar 20, 12:00 pm, pfisterfarm <> wrote:
    > I need some help with using SNMP traps to generate alerts for
    > broadcast storms. Most of the switches in our network have levels set
    > for broadcast storms. We'd like to be able to generate SNMP traps to
    > send to our network management software to alert us of when they
    > occur.



    Are there frequent broadcast storms in your network ?

    If so are the causes known ?
    Merv, Mar 20, 2008
    #2
    1. Advertising

  3. pfisterfarm

    Merv Guest

    On Mar 20, 1:18 pm, Merv <> wrote:
    > On Mar 20, 12:00 pm, pfisterfarm <> wrote:
    >
    > > I need some help with using SNMP traps to generate alerts for
    > > broadcast storms. Most of the switches in our network have levels set
    > > for broadcast storms. We'd like to be able to generate SNMP traps to
    > > send to our network management software to alert us of when they
    > > occur.

    >
    > Are there frequent broadcast storms in your network ?
    >
    > If so are the causes known ?


    try

    int <>
    storm-control broadcast level <>
    storm-control action trap
    Merv, Mar 21, 2008
    #3
  4. pfisterfarm

    pfisterfarm Guest

    > > Are there frequent broadcast storms in your network ?
    >
    > > If so are the causes known ?

    >
    > try
    >
    > int <>
    > storm-control broadcast level <>
    > storm-control action trap


    Well... like I said in the original post, most ports in the network
    have storm-control levels already set. I'm only enabling certain traps
    going to the network management software, i.e. I've currently got a
    line in the configs that looks like:

    snmp-server host <ip of NMS> <community string> snmp

    to allow only basic snmp traps to be sent. My questions were: what
    keyword do I need to add to this to allow storm-control traps to be
    sent? Is it storm-control?

    Also, how would I recognize the traps on the NMS side?

    And the answer to the other question above was broadcast storms do
    happen on occasion. I know that on at least one occasion before I got
    here, someone had plugged a switch into itself. And I think it's
    possible broadcast storms are being triggered by mistake. A lot of
    ports have the unicast levels set at 5k pps. I've just seen an
    instance where a large download seems to have reached that and the
    action on the port was shutdown, so the port got put into err-disabled
    mode.

    Thanks!
    pfisterfarm, Mar 24, 2008
    #4
  5. pfisterfarm wrote:

    > And the answer to the other question above was broadcast storms do
    > happen on occasion. I know that on at least one occasion before I got
    > here, someone had plugged a switch into itself.


    Well, it sure caused broadcast storm, but trying to configure SNMP traps
    to be alerted about it is entirely missing the problem. It looks like
    what you have is misconfigured STP (or not configured at all).

    Regards,
    Andrey.
    Andrey Tarasov, Mar 24, 2008
    #5
  6. pfisterfarm

    pfisterfarm Guest

    > Well, it sure caused broadcast storm, but trying to configure SNMP traps
    > to be alerted about it is entirely missing the problem.


    I'm not sure I understand why you say this. Are you saying broadcast
    storms shouldn't exist, or I shouldn't want to be alerted to them? I
    mean in general, not just in the case I mentioned above.

    Thanks!
    pfisterfarm, Mar 24, 2008
    #6
  7. pfisterfarm

    Merv Guest

    I do not see an "snmp-server enable traps storm-control" command

    The only commands related to storm-control were the ones already
    posted

    int <>
    storm-control broadcast level <>
    storm-control action trap


    There are these snmp-server trap commands for port security

    snmp-server enable traps port-security

    snmp-server enable traps port-security trap-rate 1


    Not sure if storm-control would fall under port-security ???
    Merv, Mar 24, 2008
    #7
  8. pfisterfarm wrote:
    >> Well, it sure caused broadcast storm, but trying to configure SNMP traps
    >> to be alerted about it is entirely missing the problem.

    >
    > I'm not sure I understand why you say this. Are you saying broadcast
    > storms shouldn't exist, or I shouldn't want to be alerted to them? I
    > mean in general, not just in the case I mentioned above.


    My experience is limited, so I'm yet to find network where broadcast
    storms would be caused by something else than STP configuration. Since
    you mentioned case with switch plugged into itself causing broadcast
    storm, your network is not exception.
    Fix STP and you wouldn't need to worry about broadcast storm alerts.

    Regards,
    Andrey.
    Andrey Tarasov, Mar 24, 2008
    #8
  9. pfisterfarm

    Merv Guest

    On Mar 24, 4:26 pm, Andrey Tarasov <> wrote:
    > pfisterfarm wrote:
    > >> Well, it sure caused broadcast storm, but trying to configure SNMP traps
    > >> to be alerted about it is entirely missing the problem.

    >
    > > I'm not sure I understand why you say this. Are you saying broadcast
    > > storms shouldn't exist, or I shouldn't want to be alerted to them? I
    > > mean in general, not just in the case I mentioned above.

    >
    > My experience is limited, so I'm yet to find network where broadcast
    > storms would be caused by something else than STP configuration. Since
    > you mentioned case with switch plugged into itself causing broadcast
    > storm, your network is not exception.
    > Fix STP and you wouldn't need to worry about broadcast storm alerts.



    Broadcast storms can occur for a variety of reasons. I recall a client
    who had a flat network and a device that was continually ARP ing thru
    the entire network 10 address space.

    One wants to follow best practices to avoid unnecessary issues and the
    typical network outages associated with them

    It is not a bad idea to be alerted if something untoward is occurring
    in your network.

    I do agree with Andrey that any known issues should be eliminated as
    quickly as possible
    Merv, Mar 24, 2008
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Illusion

    Syslog or SNMP traps?

    Illusion, Oct 31, 2003, in forum: Cisco
    Replies:
    3
    Views:
    15,334
    Pete Mainwaring
    Nov 4, 2003
  2. Ross

    sending snmp traps

    Ross, Mar 1, 2004, in forum: Cisco
    Replies:
    0
    Views:
    730
  3. Marco Roda

    SNMP traps / SYSLOG documentation

    Marco Roda, Oct 11, 2004, in forum: Cisco
    Replies:
    1
    Views:
    764
    Michael Janke
    Oct 12, 2004
  4. Replies:
    1
    Views:
    880
    Scott Fringer
    May 13, 2005
  5. Christian Roos

    SNMP-Version to send traps (CatOS 7.6)

    Christian Roos, Mar 7, 2006, in forum: Cisco
    Replies:
    0
    Views:
    499
    Christian Roos
    Mar 7, 2006
Loading...

Share This Page