An interesting subject a customer brought up on Thursday was around network monitoring in terms of items we often overlook – broadcast storms, loops, etc. Too often we rely on STP and the likes and actually dont look at actually monitoring this quite fundamental piece of LAN; and broadcast storms in one of those pieces that can quickly bring a very expensive LAN to its knees.
To be informed of broadcast storms, we can use the “storm-control” setting in Cisco IOS and configure our routers/switches to send us an SNMP trap when the thresholds are breached as below:
Router# configure terminal Router(config)# interface gigabitethernet 3/16 Router(config-if)# storm-control action trap Router(config-if)# exit Router(config)# snmp-server enable traps storm-control trap-rate 0 Router(config)# end
This is a snippet from the in-depth Cisco guide here: link . This assumes that you have already setup the Router to trap to your Opsview system already. If not, follow the guide here: link
Once the router is trapping on broadcast storm issues, then simply create an SNMP Trap rule to set a service check to “CRITICAL” when it receives a “${bcastStormPercent} eq > 5” for example – depending on the OID for your device. You can view all your OID’s by using “SNMP Polling” and doing an SNMP Walk against the device via the Opsview GUI as below:
Once configured, this will allow you to be alerted via email, SMS, etc as soon as any broadcast storm is detected.
