How do I set up an alarm for port flooding
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-29-2015 11:52 AM
I am trying to create an alarm for when a port is flooded with traffic. I know how to create an alarm, but cant find the "trigger" action I am looking for. What I am wanting is if a port on a switch is flooding our network, I want to receive an email and shut that ort down until I can discover the issue. How do I do that?
Netsight Console 6.2.0.211
Netsight Console 6.2.0.211
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-06-2015 07:57 AM
Unfortunately the EOS access switches seem to lack basic features when it comes to flood condition mitigation. No mulitcast limiter no unknown unicast detection/limiting and even the broadcast suppressor lacks informational features like "peak broadcast per second".
You can work around some of that with qos policy rules, but let's be honest: There's much room for improvement regarding these features. Looking at the GTAC Article mentioned above EXOS is much more advanced in this regard.
My own workaround was to uplink all of our bigger broadcast domains to a Linux Server, where I continuously do a tcpdump and run a scripted check for flood conditions that alerts via mail.
You can work around some of that with qos policy rules, but let's be honest: There's much room for improvement regarding these features. Looking at the GTAC Article mentioned above EXOS is much more advanced in this regard.
My own workaround was to uplink all of our bigger broadcast domains to a Linux Server, where I continuously do a tcpdump and run a scripted check for flood conditions that alerts via mail.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-29-2015 11:59 AM
I am using Enterasys B5G124-48P2 switches. I have a couple B5 24 ports, but everything aside from my core is a B5. I will look at your solution, is there a particular threshold I should set for traffic?
Cheston
Cheston
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-29-2015 11:56 AM
Hi Cheston,
If you are using EXOS switches, you can configure rate limits for flooded traffic, as shown in this GTAC Knowledge article. When one of these rate limits is exceeded, the switch will generate a log message, which should be seen by Netsight.
-Brandon
If you are using EXOS switches, you can configure rate limits for flooded traffic, as shown in this GTAC Knowledge article. When one of these rate limits is exceeded, the switch will generate a log message, which should be seen by Netsight.
-Brandon
