OID of storm control trap

Hello everyone,
I have a question about Strom Control trap.
I configured "storm-control action trap" on cat2960-24
When broadcast storm occurred, my snmp server received the trap whose OID is "1.3.6.1.4.1.9.9.362.0.0.1" from cat2960-24.
What is this OID?
I think that ciscoPortStormControlMIBNotifs has two object.
One is cpscEvent(1.3.6.1.4.1.9.9.362.0.1.1) and the other is cpscEventRev1(1.3.6.1.4.1.9.9.362.0.2)
I don't find this OID(1.3.6.1.4.1.9.9.362.0.0.1) in SNMP object Navigator
My cat3560G-24 which configured similarly sent the correct trap(1.3.6.1.4.1.9.9.362.0.2)
Why my cat2950 sent undefined trap?
best regards.
Yusuke Matsumoto

hello
I receive also the trap 1.3.6.1.4.1.9.9.362.0.0.1 but I could not find the appropriate mib
Is someone could give an help
best regard
Serge

Similar Messages

Storm Control on Port-Channel Interfaces (6500 platform)

Hello.
I cannot find it anywhere in the documentation for the Cisco 6500 platform (IOS). The question is this: When calculating the percentage of broadcast passing through a Port-Channel interface, which total bandwidth figure is used by the switch? For example:
a. If we have a bundle of 4 Gig interfaces in a PortChannel with Storm-Control applied, the threshold will be calculated over 4Gb/s or 1Gb/s?
b. If the same PortChannel for some reason loses 2 of the uplinks in the Bundle, will the calculation be made over 4Gb/s, 2Gb/s or 1Gb/s?
Thanks!

Hi Leo,
I can't find any reference to this at the moment, but my thoughts are that it will be based on a single member port of the port-channel.
Remember that a port-channel is logically a single link and so a broadcast is only sent on one of the links of the port-channel and not all of them. The decision as to which link is used will be the same as for any other frame i.e., the broadcast address is used within the hashing calculation to choose the physical port.
If the storm-control values are determined based upon the aggregate bandwidth, and changes as links are added/removed from the agregate, then the suppression threshold values for link carrying the broadcasts is never going to be correct.
Regards

Broadcast Storm Control

Hi everybody,
Im suspected about broadcast storm control feature on switch. Could anyone please advice me?
1. When the broadcast storm control is triggered, can normal data packets (not broadcast packets) pass the switch?
2. If the network looping is occurred at unmanaged switch that doesnt support spanning tree protocol and it connects to the managed switch that broadcast storm control is turned on, does it help this issue?
Managed switch
|
|
Unmanaged switch
||
\/<--- network looping
Thanks for advance,
Nitass

1. Unicast packets and multicast packets are not affected when u enable broadcast storm control. Multicast packets will be affected only if you enable multicast storm control on the switchport.
2. I have no experience in a setup such as this but the behavior of the storm-control broadcast level command suggests that the switch port will drop all broadcasts headed through the port (in both directions) for a specified period of time.
This however, still does not stop the source of the broadcast (i.e. the multiple links running to the un managed switch) so I would presume that the broadcasts might die down for a small period of time but they will resurface as the unmanaged switch would continue generating broadcast packets.
Thus the port on the managed switch would come back to normal state, only to go back into broadcast storm control state and stop all broadcasts all over again.
HTH
Please rate posts that help.
Regards
Arvind

Broadcast Storm Control - Mac-address flooding

Hi Friends,
We would like to configure broadcast storm control in our LAN to detect/avoid mac-address flooding. What is the best way and Can I know how to decide the raising threshold & falling threshold values ?.. Please suggest.
Regards,
S.Tamilvanan

Hello,
the best way is to monitor your network fir 5-6 days in order to find out the normal pattern of broadcast traffic. Then based on results form this monitoring process you can set the thresholds of broadcast traffic.

Storm-Control Nexus Environment

Hello,
we want to configure storm-control in our network but we don´t understand the feature in all it´s details.
i understand that the switch can differenitate between broadcast/multicast and unicast by the I/G-Bit (if it 1 or 0). but how does a Nexus 5500 or nexus 7000 differentiate between broadcast and multicast? if the switch only checks the I/G-bit he is not able to determine if broadcast or multicast?
i couldn´t find anything about it in th documentation. can anybody explain the difference?
thx

Hello,
we want to configure storm-control in our network but we don´t understand the feature in all it´s details.
i understand that the switch can differenitate between broadcast/multicast and unicast by the I/G-Bit (if it 1 or 0). but how does a Nexus 5500 or nexus 7000 differentiate between broadcast and multicast? if the switch only checks the I/G-bit he is not able to determine if broadcast or multicast?
i couldn´t find anything about it in th documentation. can anybody explain the difference?
thx

Storm Control

Hi,
What are the best values when configuring storm control on an interface (broadcast, multicast and unicast.
Thanks
reza

hi,
so in my scenario, it is not using multicast and broadcast for video / music streaming, right? as we only shared the network drive to access, and play the video and music.
1. so it will not influence my m/c or b/c percentage, right?
2. pls give me guideline, and to set m/c or b/c is good to help to prevent when there is a lot traffic such as broadcast storm/virus spreading, right?

Adding LDAP-server (OID) to Cloud Control

Hi ,
we have installed the LDAP-server (Oracle Fusion Middleware) on a host without the WebLogic - therefore it's just the LDAP-server running on that host.
Now we would like to add the LDAP-server as a target to the Cloud Control - but haven't found a way to do that through the GUI (when using the GUI you always need to add informations about the WebLogic, e.g. Domain, ...).
Is it possible just to add the LDAP-server to the Cloud Control?
Any help will be appreciated!
Rgds
Jan

HI VivaLaVida,
Please take a look at the following EM12c documentation:
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#BABGAGIJ
You can connect EM12c with the following authentication systems:
•Oracle Access Manager (OAM) SSO
•Repository-Based Authentication
•SSO-Based Authentication
•Enterprise User Security Based Authentication
•LDAP Authentication Options: Oracle Internet Directory and Microsoft Active Directory
for OID there are non-GUI configuration methods:
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/security.htm#autoId12

Is it possible to control trapping? (CS5)

One thing that has always bugged our pressmen is that a certain 2 color job we do every month is really aggrivating with them because the registration is very close and detailed. Ive never thought to look into if that is something I can control with InDesign before its sent to our DPM or not. Is that something I can turn on or control?

You can't apply trapping to an object the preset is applied to a page or range of pages via Assign Trap Preset...
By default the trap size is relatively small, here I've exaggerated it to .1 in.
http://www.zenodesign.com/ftp/trapdialog.png
which produces this trap:
http://www.zenodesign.com/scripts/gstrap.png
Your Print dialog for separation output would look like this
http://www.zenodesign.com/scripts/printseps.png

OID traps

Please, I need a command or directory patch file , where I can get the OID of some traps.
Like the output that can get when I put command "ovdumpevents" in HPOV software.
For example OID of the following traps:
snmp-server community ******** RO
snmp-server community ******** RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps syslog
snmp-server enable traps memory bufferpeak
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps alarms informational
snmp-server host 10.24.0.40 ******** envmon snmp
snmp-server host 10.24.0.41 ******** envmon snmp
Thanks very much in advance
Best regards,

Thank you very much for the information. I´m need to find a command that can be executed in the ciscoworks server to see the OID and the traps.
Specifically, I need to analyze a "Cisco 7609 Router" in which I have configured the following traps:
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps syslog
snmp-server enable traps memory bufferpeak
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps alarms informational
What OID correspond for example to "module" or "chassis" traps ?
The IOS for this device is a "Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB5a"
Best regards!

SEA 1.0.3 snmpdx - no traps possible???

Hi list,
I'm struggling hard to implement an SNMP subagent using Solaris 8 SPARC and the SEA 1.0.3 SDK. I've applied patch 108869-18 to avoid difficulties.
Querying the mib subtree controlled by my subagent works fine. Unfortunately, I can not make the master agent (snmpdx) to forward the traps generated by my subagent.
The SEA 1.0.3 documentation on SNMP is very terse. It lacks examples, especially how to configure the /etc/snmp/conf files. It has some (buggy) grammar rules but the sample files contain commented out parameters that generate parsing errors when the parameters are actually used, e.g. the parameter trap-recipients in the acl-files. I'd also like to know what the parameters in the trap-block mean, especially trap-num. There's nothing in the docs... :-(
When I run master and subagent with -d 4 I can see that the subagent generate traps and the master agent receives them, but in the master agent I get
---------- cut here ----------
<< received 503 bytes from ichh2s101.faxdev.ic.47432
PACKET:
30 82 01 F3 02 01 00 04 06 70 75 62 6C 69 63 A4
82 01 E4 06 09 2B 06 01 04 01 93 0F 01 02 40 04
C0 A8 15 65 02 01 06 02 01 05 43 04 03 88 24 24
30 82 01 C3 30 17 06 0C 2B 06 01 04 01 93 0F 01
02 12 01 00 04 07 47 61 74 65 77 61 79 30 11 06
0C 2B 06 01 04 01 93 0F 01 02 12 02 00 02 01 65
30 16 06 0C 2B 06 01 04 01 93 0F 01 02 12 03 00
04 06 30 30 36 35 44 33 30 24 06 0C 2B 06 01 04
01 93 0F 01 02 12 04 00 04 14 50 72 6F 63 65 73
73 20 63 6F 6E 74 72 6F 6C 20 74 61 73 6B 30 1E
06 0C 2B 06 01 04 01 93 0F 01 02 12 05 00 04 0E
53 79 73 74 65 6D 20 77 61 72 6E 69 6E 67 30 12
06 0C 2B 06 01 04 01 93 0F 01 02 12 06 00 02 02
01 91 30 23 06 0C 2B 06 01 04 01 93 0F 01 02 12
07 00 04 13 32 30 30 32 2D 30 38 2D 31 33 2D 31
30 2E 35 32 2E 31 33 30 1E 06 0C 2B 06 01 04 01
93 0F 01 02 12 08 00 04 0E 4D 6F 64 75 6C 65 20
73 74 6F 70 70 65 64 30 46 06 0C 2B 06 01 04 01
93 0F 01 02 12 09 00 04 36 4D 6F 64 75 6C 65 20
68 61 73 20 62 65 65 6E 20 73 74 6F 70 70 65 64
20 62 79 20 6F 70 65 72 61 74 6F 72 20 28 6C 6F
63 61 6C 20 6F 72 20 72 65 6D 6F 74 65 29 2E 30
12 06 0C 2B 06 01 04 01 93 0F 01 02 12 0A 00 02
02 01 F5 30 81 81 06 0C 2B 06 01 04 01 93 0F 01
02 12 0B 00 04 71 44 6F 6D 61 69 6E 20 63 6F 6E
74 72 6F 6C 20 74 61 73 6B 20 69 6E 20 4D 6F 6E
69 74 6F 72 20 31 30 31 28 41 33 29 20 69 6E 69
74 69 61 74 65 64 20 73 68 75 74 64 6F 77 6E 20
28 4E 61 6D 65 3A 20 53 79 73 74 65 6D 20 4D 6F
6E 69 74 6F 72 2C 20 52 65 61 73 6F 6E 63 6F 64
65 3A 20 4E 6F 20 65 72 72 6F 72 20 6F 63 63 75
72 72 65 64 2E 29 2E
PDU:
version: 0
community: public
type: TRP_MSG (0xa4)
enterprise: 1.3.6.1.4.1.2447.1.2
IP agent addr: ichh2s101.faxdev.ic
generic: enterpriseSpecific(6)
specific: 5
time stamp: 59253796
name: 1.3.6.1.4.1.2447.1.2.18.1.0
type: OCTET STRING (0x4)
length: 7
value: Gateway ( 47 61 74 65 77 61 79 )
name: 1.3.6.1.4.1.2447.1.2.18.2.0
type: INTEGER (0x2)
length: 4
value: 101
name: 1.3.6.1.4.1.2447.1.2.18.3.0
type: OCTET STRING (0x4)
length: 6
value: 0065D3 ( 30 30 36 35 44 33 )
name: 1.3.6.1.4.1.2447.1.2.18.4.0
type: OCTET STRING (0x4)
length: 20
value: Process control task ( 50 72 6f 63 65 73 73 20 63 6f 6e 74 72 6f 6c 20 74 61 73 6b )
name: 1.3.6.1.4.1.2447.1.2.18.5.0
type: OCTET STRING (0x4)
length: 14
value: System warning ( 53 79 73 74 65 6d 20 77 61 72 6e 69 6e 67 )
name: 1.3.6.1.4.1.2447.1.2.18.6.0
type: INTEGER (0x2)
length: 4
value: 401
name: 1.3.6.1.4.1.2447.1.2.18.7.0
type: OCTET STRING (0x4)
length: 19
value: 2002-08-13-10.52.13 ( 32 30 30 32 2d 30 38 2d 31 33 2d 31 30 2e 35 32 2e 31 33 )
name: 1.3.6.1.4.1.2447.1.2.18.8.0
type: OCTET STRING (0x4)
length: 14
value: Module stopped ( 4d 6f 64 75 6c 65 20 73 74 6f 70 70 65 64 )
name: 1.3.6.1.4.1.2447.1.2.18.9.0
type: OCTET STRING (0x4)
length: 54
value: Module has been stopped by operator (local or remote). ( 4d 6f 64 75 6c 65 20 68 61 73 20 62 65 65 6e 20 73 74 6f 70 70 65 64 20 62 79 20 6f 70 65 72 61 74 6f 72 20 28 6c 6f 63 61 6c 20 6f 72 20 72 65 6d 6f 74 65 29 2e )
name: 1.3.6.1.4.1.2447.1.2.18.10.0
type: INTEGER (0x2)
length: 4
value: 501
name: 1.3.6.1.4.1.2447.1.2.18.11.0
type: OCTET STRING (0x4)
length: 113
value: Domain control task in Monitor 101(A3) initiated shutdown (Name: System Monitor, Reasoncode: No error occurred.). ( 44 6f 6d 61 69 6e 20 63 6f 6e 74 72 6f 6c 20 74 61 73 6b 20 69 6e 20 4d 6f 6e 69 74 6f 72 20 31 30 31 28 41 33 29 20 69 6e 69 74 69 61 74 65 64 20 73 68 75 74 64 6f 77 6e 20 28 4e 61 6d 65 3a 20 53 79 73 74 65 6d 20 4d 6f 6e 69 74 6f 72 2c 20 52 65 61 73 6f 6e 63 6f 64 65 3a 20 4e 6f 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2e 29 2e )
BUG: SSAOidCmp(): oid1 is NULLSESSIONS:
NUMBER OF SESSIONS: 0
---------- cut here ----------
Is that a bug in snmpdx or is there a configuration problem?
This is what I get when I start snmpdx in debug mode, and since I don't know how to attach files to this posting (any tips?) I added this to this (now quite log) posting. So sorry for this...
---------- cut here ----------
root@ICHH2S101 /etc/snmp/conf >01 /etc/snmp/conf >/usr/lib/snmp/snmpdx -y -c /etc/snmp/conf -d 4
Local IP Addresss : 192.168.21.101
SUBTREES:
1.3.6.1.4.1.42.2.15 1 1 relay-agent 161 1
AGENTS:
444C8 relay-agent localhost.161 900000000 1 3 0 0
MANAGERS:
* 0
COMMUNITIES(READ_WRITE): private public
#EFILTER:
enterprise="1.3.6.1.4.1.2447.1.2"
trap-num=403 community-string: public
ichh2s15 192.168.21.15
trap-num=401 community-string: public
ichh2s15 192.168.21.15
trap-num=805 community-string: public
ichh2s15 192.168.21.15
trap-num=301 community-string: public
ichh2s15 192.168.21.15
trap-num=205 community-string: public
ichh2s15 192.168.21.15
trap-num=32 community-string: public
ichh2s15 192.168.21.15
trap-num=31 community-string: public
ichh2s15 192.168.21.15
trap-num=30 community-string: public
ichh2s15 192.168.21.15
trap-num=29 community-string: public
ichh2s15 192.168.21.15
trap-num=28 community-string: public
ichh2s15 192.168.21.15
trap-num=27 community-string: public
ichh2s15 192.168.21.15
trap-num=26 community-string: public
ichh2s15 192.168.21.15
trap-num=25 community-string: public
ichh2s15 192.168.21.15
trap-num=24 community-string: public
ichh2s15 192.168.21.15
trap-num=23 community-string: public
ichh2s15 192.168.21.15
trap-num=22 community-string: public
ichh2s15 192.168.21.15
trap-num=21 community-string: public
ichh2s15 192.168.21.15
trap-num=20 community-string: public
ichh2s15 192.168.21.15
trap-num=19 community-string: public
ichh2s15 192.168.21.15
trap-num=18 community-string: public
ichh2s15 192.168.21.15
trap-num=17 community-string: public
ichh2s15 192.168.21.15
trap-num=16 community-string: public
ichh2s15 192.168.21.15
trap-num=15 community-string: public
ichh2s15 192.168.21.15
trap-num=14 community-string: public
ichh2s15 192.168.21.15
trap-num=13 community-string: public
ichh2s15 192.168.21.15
trap-num=12 community-string: public
ichh2s15 192.168.21.15
trap-num=11 community-string: public
ichh2s15 192.168.21.15
trap-num=10 community-string: public
ichh2s15 192.168.21.15
trap-num=9 community-string: public
ichh2s15 192.168.21.15
trap-num=8 community-string: public
ichh2s15 192.168.21.15
trap-num=7 community-string: public
ichh2s15 192.168.21.15
trap-num=6 community-string: public
ichh2s15 192.168.21.15
trap-num=5 community-string: public
ichh2s15 192.168.21.15
trap-num=4 community-string: public
ichh2s15 192.168.21.15
trap-num=3 community-string: public
ichh2s15 192.168.21.15
trap-num=2 community-string: public
ichh2s15 192.168.21.15
trap-num=1 community-string: public
ichh2s15 192.168.21.15
TRAP RECIPIENTS:
PDU:
version: 0
community: public
type: GET_REQ_MSG (0xa0)
request id: 0
error status: noError(0)
error index: 0
name: 1.3.6.1.2.1.7
type: NULL (0x5)
length: 0
value: ( )
PACKET:
30 24 02 01 00 04 06 70 75 62 6C 69 63 A0 17 02
01 00 02 01 00 02 01 00 30 0C 30 0A 06 06 2B 06
01 02 01 07 05 00
sent 38 bytes to ichh2s101.faxdev.ic.47228Waiting for incoming SNMP requests on UDP port 161
SESSIONS:
NUMBER OF SESSIONS: 0
---------- cut here ----------
ichh2s15 (192.168.21.15) is the SNMP management station running HP OpenView listening for SNMP traps. From there, I can also query my mib subtree.
Please let me know if you need more information.
Many thanks in advance.
Michael Kwasigroch,
FaxPlus/Open Development
Intercope Hamburg Germany

Ok,
:: shame on me ::
adding the enterprise oid used in our traps to /etc/snmp/conf/enterprises.oid did the trick, now it works.
However, does anybody have any clarification about the parameters in the *.acl files?
Thanks in advance,
- Michael

Using OID Authorisation in APEX

Hi,
One of my colleagues (much more skilled in APEX than me) has written a package that makes it easy to use Oracle Internet Directory (OID) groups to control access to pages and items. It assumes that you are already using Oracle Single Sign-On (which he also set up for us).
He's given me permission to add his work to my web page but prefers to remain anonymous. You can see how to do it here:
http://www.patrickhaston.co.uk/plsql/oid_authorisation.html
The source code is available for download.
Hope this is useful.
Patrick.

Joel
thank you for clarification. Really appreciate your help. I was able to get the list. Here is the procedure. The line that fails is highlighed. Basically it can't initialize the session on AD server...
declare
     p_username          varchar2(25):='test';
     p_password          varchar2(25):='test';
     l_user               varchar2(256);
     l_ldap_server     varchar2(256)     := 'AD host';
     l_domain          varchar2(256)     := 'domain';
     l_ldap_port          number               := 389;
     l_retval          pls_integer;
     l_session          dbms_ldap.session;
     l_cnt               number;
begin
--     l_retval := dbms_ldap.unbind_s( l_session );
     l_user               := p_username||'@'||l_domain;
*     l_session          := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session*
l_retval          := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
     l_retval          := dbms_ldap.unbind_s( l_session ); -- unbind
     dbms_output.put_line( 'yes');
exception when others then
dbms_output.put_line( 'no');
raise_application_error(-20101, 'invalid user');
     end;
thanks, Ed

Using OID for authentication in APEX and PL/SQL apps

Hi,
One of my colleagues (much more skilled in APEX than me) has written a PL/SQL package that makes it easy to use Oracle Internet Directory (OID) groups to control access to pages and items in APEX. It assumes that you are already using Oracle Single Sign-On (which he also set up for us).
Being a package, it's easy to use in any PL/SQL application.
He's given me permission to add his work to my web page but prefers to remain anonymous. You can see how to do it here:
http://www.patrickhaston.co.uk/plsql/oid_authorisation.html
The source code is available for download.
Hope this is useful.
Patrick.

Nothing new - all documented with APEX.

Product bug: unknown unicast traffic storms from thunderbolt displays

Hi All -
Periodically, a random Thunderbolt display will launch a wire rate unknown unicast traffic storm into our LAN and only stop when unplugged from the network. This typically leads to unicast flooding or at least massive trunk congestion (we now use Cisco's storm-control and block (unknown) unicast).
In any given event the transmitted frames are all the same and appear to be random data from memory. They make no sense as traffic: they have garbage MAC addresses and hence the "unknown unicast traffic storm".
We have very roughly 100 and about 1% malfunction this way once a week. We don't think it's the MBP behind the display because we switched to Thunderbolt ethernet adapters (directly on the MPBs) and have not seen an incident for over 7 weeks.
Here is a LogicMonitor record; the trailing edge of the event was when we unplugged the display.
Here's what a packet capture looks like from the outage:
Here is trace data from a different event.
The destination MAC address is an ASCII string that spells out "vertcp". Although Wireshark identifies the frame type as LLC in the first example, we believe this to be a coincidence; it's a random 436-byte piece of firmware memory. A safe conclusion is that both the LLC tag and the completely invalid ethertype in the first event is just random. Nothing in the captured frames makes sense because they aren't ethernet frames, they are random data passed to the driver due to a bug.
Thanks
Branden

We have experienced the same issue with increasing frequency as more Thunderbolt displays are introduced into our environment in the last year. On a gigabit port, the display has no problem generating 800mbit/s or more of traffic (~500kpps) - which is then flooded to every port in the same VLAN (~400 user ports in our case). For 100mbit/s users, this essentially floods them off the network.
Here is a detail I don't see mentioned above -- this happens even when a laptop/computer is not connected to the display. The first case we had of this happening was with a display that had no thunderbolt parent device attached. Shutting down the switchport and no-shutting it (bouncing the link on the display) resolves this until the next time it happens.
It looks like whatever crap resides in various buffers is used to construct the resulting Ethernet frames. I did not perform a packet capture this time, but the last time it happened the entire Ethernet header was null bytes with the body being mostly-null but the same random-looking noise in the rest of the frame. The frame was interpreted by Wireshark and others as a type of Fiber Channel, but I think that was just the default case that matched many of the null characteristics. The exact same frame was reflected in each packet sent (as opposed to each frame being different/randomized from the predecessor)

Loop - broadcast storm in network

Good day to you all, i'm with some problem and i can't seem to find the right solution.
at our company we have arround 300 2960 switches, also in some areas of the factory they are using 3com hubs or other hub devices.
i am trying to take them all out, but the factory is to big and there are more then 100 on places i dont know.
My problem is that many times we have a broadcast storm or loop in the network.
users just put in 2 cables in a hub, or the cisco phone both cables in the hub.
the hub is connected to a 2960 switch.
My port configuration is:
interface FastEthernet0/3
switchport access vlan 27
switchport mode access
switchport voice vlan 244
spanning-tree portfast
spanning-tree bpduguard enable
end
the STP settings global are:
spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
in my opinion the port that have the 3com connected should go in to err-disable when a loop is created because it receive BPDU packets.
unfortuinatly this does not happens and my whole network goes down.
the logging in the switch only indentify that there is mac flapping.
Mar 1 07:28:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar 1 07:28:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar 1 07:28:38: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar 1 07:28:42: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar 1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar 1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar 1 07:29:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar 1 07:29:06: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar 1 07:29:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar 1 07:29:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Does someone have an idea to prefent this from happening ??
Thanks a lot!

Hello
My question is should i only set on the interface "storm-control broadcast level ??"
or do i also need to set multicast and unicast ? - All depends on what traffic you have traversing your links you need to be sure you dont set the levels to low has to prohibit legitimate IGP/broadcast/mulitcast/unicast traffic this includes any bespoke application traffic that utilzies any of the above
and why is the 3 to 5 %, so it will drop the storm when reach 95 % on interface ? - 5% of an 100mb link would be reached at 5 mb utilization of whatever traffic you define, the higher rate the less effective stom controll is.
To protect against layer 1 devices such are hubs and say access ports with attached switches(managed/unmanaged) you can also apply port-security running along side your current stp bpduguard.
switchport nonegotiate ( disables DTP)
switchport port-security ( enables port security)
switchport port-security aging type inactivity ( ageing of mac- address)
switchport port-security aging time xx ( mins the mac address will age out)
Switchport port-security violation restrict| shutdown ( violation action of port-security)
Switchport port-security max xx ( number of mac- address allowed on port)
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.

Broadcast storms

Hello,
I currently have 4 HP 2610 switches alongside a Cisco SG 300 28 Port POE. I have a few laptops that when I look on the old 2610's I can plainly see they are pushing out what may be excessive traffic (AKA broadcast storms) from the login page on the GUI...I am investigating this with the laptops in question by updating drivers, checking for malware etc..hopefully the nics aren't bad as that would be a board replacement. Anyways, if these laptops were on the Cisco is there a area that I can plainly see what ports or Macs are pushing out what may be a broadcast storm. Under logs I see I have a flash log etc...but where would I see who is actually in plain english pushing bad traffic similar to the old HP switches? The reason why I ask is I am retiring the old HP's over time and I want to be "in the know" how to see issues like this without having to go through alot of hoops.
Don

Hi Don
I know HP 2610 switches and thus remember about what messages are you talking about. Neither of Cisco switches (Small business or Enterprise) provides same kind of output in regards identification of unexpected traffic pattern on ports.
But on the other side they have options how to avoid and identify loops in switched networks. This means that instead of receiving "Excessive broadcasts received on the port X" you will get something like "STP Loopback Detection." in case there is really switching loop in network. Moreover with releasing firmware 1.4.0.88 new feature was introduced for avoiding loops in network: Loopback detection – Detects network loops using non-BPDU frames, and usually used where spanning tree cannot be used.
There is also Storm control feature on SG300 switches, but it is like prevention mechanism instead. More here.
I.e. in another words, Small business switches have resources and options how to detect switching loops with blocking of switch ports from where storms are coming from.
One more thing: "Excessive broadcasts received on the port X" on HP not always pointed to broadcast storms, but yes is usually caused by a network topology loop, but can also be due to a malfunctioning device, NIC, NIC driver, or software application.
hope this helps..

OID of storm control trap

Similar Messages

Maybe you are looking for