How do I set up an alarm for port flooding

  • Question
  • Updated 3 years ago
  • Answered
I am trying to create an alarm for when a port is flooded with traffic. I know how to create an alarm, but can't find the "trigger" action I am looking for. What I am wanting is if a port on a switch is flooding our network, I want to receive an email and shut that port down until I can discover the issue. How do I do that?

Netsight Console 6.2.0.211

Cheston Cooper

  • frustrated because this should be easy and I can't find it.

Posted 3 years ago


Brandon Clay, Escalation Support Engineer

Hi Cheston,

If you are using EXOS switches, you can configure rate limits for flooded traffic, as shown in this GTAC Knowledge article. When one of these rate limits is exceeded, the switch will generate a log message, which should be seen by Netsight.

-Brandon

Cheston Cooper

I am using Enterasys B5G124-48P2 switches. I have a couple B5 24 ports, but everything aside from my core is a B5. I will look at your solution. Is there a particular threshold I should set for traffic?

Cheston

Andre K.

Unfortunately the EOS access switches seem to lack basic features when it comes to flood condition mitigation. No multicast limiter, no unknown unicast detection/limiting, and even the broadcast suppressor lacks informational features like "peak broadcast per second".

You can work around some of that with QoS policy rules, but let's be honest: There's much room for improvement regarding these features. Looking at the GTAC Article mentioned above, EXOS is much more advanced in this regard.

My own workaround was to uplink all of our bigger broadcast domains to a Linux Server, where I continuously do a tcpdump and run a scripted check for flood conditions that alerts via mail.
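
An added example, not part of the thread and not Andre K.'s script: one way to implement the scripted check described above over `tcpdump -l -e -n -tt` output, counting broadcast and multicast frames per second per source MAC. The assumed tcpdump line format, the threshold, the mail addresses and all function names are illustrative; unknown-unicast floods are not covered, because they cannot be recognised from the destination MAC alone.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Assumed input: Ethernet output of tcpdump -e -n -tt, "<epoch> <src> > <dst>, ..."
LINE = re.compile(r"^(\d+)\.\d+ ([0-9a-f:]{17}) > ([0-9a-f:]{17}),")
THRESHOLD_PPS = 5  # assumed for the demo; tune to the broadcast domain's baseline

def is_flooded_dst(mac):
    """True for broadcast and multicast (group bit set in the first octet)."""
    return int(mac[:2], 16) & 1 == 1

def find_floods(lines, threshold=THRESHOLD_PPS):
    """Count broadcast/multicast frames per (second, source MAC); return offenders."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and is_flooded_dst(m.group(3)):
            counts[(int(m.group(1)), m.group(2))] += 1
    return sorted((sec, src, n) for (sec, src), n in counts.items() if n >= threshold)

def build_alert(floods, sender="monitor@example.invalid", rcpt="netops@example.invalid"):
    """Build the alert mail; pass it to smtplib.SMTP(...).send_message() to send."""
    msg = EmailMessage()
    msg["Subject"] = f"Flood condition: {len(floods)} source/second bucket(s) over threshold"
    msg["From"], msg["To"] = sender, rcpt
    msg.set_content("\n".join(f"{sec} {src} {n} frames/s" for sec, src, n in floods))
    return msg

# Constructed sample capture (not real traffic): one host bursting ARP broadcasts,
# one ordinary unicast frame, and one host sending a single multicast frame.
SAMPLE = [
    f"1700000000.{i:06d} 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    f"length 60: Request who-has 10.0.0.{i} tell 10.0.0.5, length 46"
    for i in range(1, 9)
] + [
    "1700000000.500000 00:aa:bb:cc:dd:ee > 00:11:22:33:44:55, ethertype IPv4 (0x0800), "
    "length 74: 10.0.0.9.51000 > 10.0.0.5.22: Flags [S], length 0",
    "1700000001.000100 00:aa:bb:cc:dd:ee > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), "
    "length 87: 10.0.0.9.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (45)",
]

if __name__ == "__main__":
    for sec, src, n in find_floods(SAMPLE):
        print(f"ALERT {sec} {src} {n} broadcast/multicast frames in one second")
```

The source MAC in each alert is what you would look up in the switch's forwarding table to find the offending port.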