10-12-2017 09:25 AM - edited 03-08-2019 12:20 PM
Hi,
I've got a Cisco 6500 switch with a dot1q trunk on one of its ports. Sometimes I face a storm on some VLAN on the trunk, and I still can't find any useful way to detect which of the VLANs is storming my switch. Of course, I can check all the counters on the VLAN interfaces, but that takes so long. Is there any simple way to detect the guilty VLAN?
P.S. : Sorry for my English.
10-13-2017 10:24 AM
Typically, storm control is a type of traffic control in a layer-2 environment, mainly deployed on access ports. Therefore, you have a mechanism for storm control that can take action with the shutdown mode or can be useful by identifying exact switch ports based on SNMP traps. Keep in mind, storm control needs to be placed closest to the suspected source, and placing storm control on a trunk defeats this purpose.
Router# show top counters interface report 1
Started By        : console
Start Time        : 08:18:25 UTC Tue Nov 23 2004
End Time          : 08:19:42 UTC Tue Nov 23 2004
Port Type         : All
Sort By           : util
Interval          : 76 seconds
Port    Band  Util Bytes       Packets     Broadcast  Multicast  In-  Buf-
        width      (Tx + Rx)   (Tx + Rx)   (Tx + Rx)  (Tx + Rx)  err  ovflw
------- ----- ---- ----------- ----------- ---------- ---------- ---- -----
Fa2/5   100   50   726047564   11344488    11344487   1          0    0
Fa2/48  100   35   508018905   7937789     0          43         0    0
Fa2/46  100   25   362860697   5669693     0          43         0    0
Fa2/47  100   22   323852889   4762539     4762495    43         0    0
Fa2/6   100   15   217815835   3403372     0          39         21   0
Fa2/44  100   10   145146009   2267900     0          43         0    0
Gi4/15  1000  0    0           0           0          0          0    0
Gi4/14  1000  0    0           0           0          0          0    0
Gi4/13  1000  0    0           0           0          0          0    0
Gi4/12  1000  0    0           0           0          0          0    0
Gi4/11  1000  0    0           0           0          0          0    0
Gi4/10  1000  0    0           0           0          0          0    0
Gi4/9   1000  0    0           0           0          0          0    0
Gi4/8   1000  0    776         2           0          2          0    0
Gi4/7   1000  0    0           0           0          0          0    0
Gi4/6   1000  0    0           0           0          0          0    0
Gi4/5   1000  0    0           0           0          0          0    0
Gi4/4   1000  0    0           0           0          0          0    0
Gi4/3   1000  0    776         2           0          2          0    0
Gi4/2   1000  0    0           0           0          0          0    0
Switch# show interfaces counters storm-control
Port   Broadcast  Multicast  Level   TotalSuppressedPackets
Fa2/1  Enabled    Disabled   10.00%  46516510
Gi3/1  Enabled    Enabled    50.00%  0
Switch# show storm-control
Interface  Filter State   Broadcast  Multicast  Level
---------  -------------  ---------  ---------  -----
Fa2/1      Blocking       Enabled    Disabled   10.00%
Gi3/1      Link Down      Enabled    Enabled    50.00%
However, in the case of how to detect a flooding VLAN, you are basically asking how to monitor a VLAN's traffic; in that case, go with SVI monitoring using MRT or PRTG.
I hope this helps and good luck! Please don't forget to mark correct and helpful answers to benefit others.
-Austin
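The `show top counters interface report` output quoted in the answer above can be triaged mechanically; the following is an added example, not part of the original post, that parses an excerpt of that report and ranks ports by broadcast rate and broadcast share. The function names and the `min_pps` / `min_share` thresholds are assumptions chosen for illustration; the report is per physical port, so a flagged trunk still has to be narrowed down per VLAN.

```python
import re

# Excerpt of the report quoted in the post above (rows unchanged).
REPORT = """\
Interval          : 76 seconds
Port    Band  Util Bytes       Packets     Broadcast  Multicast  In-  Buf-
        width      (Tx + Rx)   (Tx + Rx)   (Tx + Rx)  (Tx + Rx)  err  ovflw
------- ----- ---- ----------- ----------- ---------- ---------- ---- -----
Fa2/5   100   50   726047564   11344488    11344487   1          0    0
Fa2/48  100   35   508018905   7937789     0          43         0    0
Fa2/47  100   22   323852889   4762539     4762495    43         0    0
Fa2/6   100   15   217815835   3403372     0          39         21   0
Gi4/8   1000  0    776         2           0          2          0    0
"""

# Port name followed by the eight numeric columns of a data row.
ROW = re.compile(r"^([A-Za-z]+\d+(?:/\d+)+)" + r"\s+(\d+)" * 8 + r"\s*$")
INTERVAL = re.compile(r"^Interval\s*:\s*(\d+)\s+seconds", re.M)


def parse_report(text):
    """Return (interval_seconds, rows); rates are averaged over the interval."""
    m = INTERVAL.search(text)
    if not m:
        raise ValueError("no Interval line; cannot compute rates")
    seconds = int(m.group(1))
    rows = []
    for line in text.splitlines():
        r = ROW.match(line.strip())
        if not r:
            continue  # header, separator or blank line
        packets, bcast, mcast = (int(r.group(i)) for i in (5, 6, 7))
        rows.append({
            "port": r.group(1),
            "bcast_pps": bcast / seconds,
            "mcast_pps": mcast / seconds,
            # Idle ports report 0 packets; avoid dividing by zero.
            "bcast_share": bcast / packets if packets else 0.0,
        })
    return seconds, rows


def storm_suspects(text, min_pps=1000.0, min_share=0.5):
    """Ports whose traffic is mostly broadcast AND fast; thresholds are assumed."""
    _, rows = parse_report(text)
    hits = [r for r in rows
            if r["bcast_pps"] >= min_pps and r["bcast_share"] >= min_share]
    return sorted(hits, key=lambda r: r["bcast_pps"], reverse=True)


if __name__ == "__main__":
    for r in storm_suspects(REPORT):
        print(f'{r["port"]:8} {r["bcast_pps"]:12.0f} pps  {r["bcast_share"]:.1%}')
```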
10-12-2017 02:08 PM
Please see
useful links:
http://packetlife.net/blog/2008/nov/27/storm-control/
https://www.netcraftsmen.com/understanding-cisco-traffic-storm-control/
I hope this helps and good luck!
-Austin
10-12-2017 08:40 PM
10-15-2017 11:46 PM
Thank you very much for the "top report" command. I didn't know about it before. Unfortunately, it can be used for physical interfaces only. I'm going to write a script which will get information about VLANs via SNMP and show me a report :)
Thank you very much!