Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1696
Views
0
Helpful
3
Replies

Cisco 3560 MAC table threshold notification

1pipantom2
Level 1
Level 1

‎01-23-2009 01:33 PM - edited ‎03-06-2019 03:37 AM

Hello,

I have met real situation in our network, when Cisco 3560 MAC table became full (6 K addresses). It was not due to MAC flooding , but due to increasing network flow patterns. To solve the problem I have just changed sdm profile from default to vlan. Right Now Cisco 3560 allow 12 K MAC, average MAC address count in MAC table is about 8K. So everything is O'k.

But right now I am thinking, how to get notification about exceeding MAC Threshold to SNMP Network Monitoring System from Cisco 3560.

In documentation I have only found how to send SNMP trap about learning/clearing MAC on specific ports.It not my case.

Using Cisco SNMP Navigator I have searched through CISCO-MAC-NOTIFICATION-MIB. Where are some MIB related to my problem.

cmnMACThresholdObjects" "1.3.6.1.4.1.9.9.215.1.4"

cmnMACThresholdFeatureEnabled" "1.3.6.1.4.1.9.9.215.1.4.1"

"cmnMACThresholdLimit" "1.3.6.1.4.1.9.9.215.1.4.2"

"cmnMACThresholdInterval" "1.3.6.1.4.1.9.9.215.1.4.3"

"cmnMACThresholdNotifEnabled" "1.3.6.1.4.1.9.9.215.1.4.4"

I tried to read all CISCO-MAC-NOTIFICATION-MIB OID's from device via snmpwalk. But only OID's I have read are

cmnGlobalFeatureEnabled" "1.3.6.1.4.1.9.9.215.1.1.1"

"cmnNotificationInterval" "1.3.6.1.4.1.9.9.215.1.1.2"

"cmnMacAddressesLearnt" "1.3.6.1.4.1.9.9.215.1.1.3"

"cmnMacAddressesRemoved" "1.3.6.1.4.1.9.9.215.1.1.4"

"cmnNotificationsEnabled" "1.3.6.1.4.1.9.9.215.1.1.5"

This confirms fact, I have found in documentation. (sending trap about learning/clearing MAC on specific problem).

Cisco SW 12.2 (25) SEE3.

So how to know in advance, that MAC table becoming to be full in this case ?

Workarond is simple read MAC count , create a graph and constantly monitor it. But You agree, that get a notification about exceeding MAC table Threshold is much better.

Best Regards,

Tomas.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

vishwancc
Level 3
Level 3

‎01-23-2009 08:48 PM

Hi Tomas ,

Is this switches is acting as default gateway for other switches?

As you said because of increased network traffic you are facing this problem.

Try arp timeout on the interface by default its 4 Hr you could decrease it

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.30/configuration/routing/guide/ARP.html#wp1015640

Chao

Vishwa

0 Helpful

1pipantom2
Level 1
Level 1
In response to vishwancc

‎01-23-2009 11:02 PM

Hello Vishwa

I am taking about MAC table. This Cisco 3560 working as pure bridge.

I just provided a example from real life, why I need MAC table filling monitoring.

And my question is how to set MAC Table Threshold and get SNMP Trap (or simply to read some SNMP OID') if this Threshold was exceeded.

Best Regards,

Tomas

0 Helpful

1pipantom2
Level 1
Level 1
In response to 1pipantom2

‎01-24-2009 06:00 AM

Hello all,

I am wondering what it is also impossible read MAC (CAM) table count via SNMP. There isn't SNMP OID to get similar result as via CLI show mac-address-table | inc Total.

The only doc I have found is

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a9b.shtml

But this solution is not effective, If I would like simple to read active MAC address count in MAC table

I will solve my problem in following way. Just write simple tcl/expect or perl script. Script will telnet to devices and read show mac-address-table | inc Total output. If value is more than let say 5K active MAC addresses, rise the alarm window.

Any comments,

Best Regards,

Tomas

0 Helpful
Customers Also Viewed These Support Documents