Troubleshooting Help
wrwarwick
This is a work related question, but I figured it could help out anyone studying for an exam.
Here's the typical situation that happens at work:
Our team gets notified by the monitoring center that a specific interface has gone into an alarm status. For example, Gi0/5 has been 85% utilized for the last hour, please investigate.
I'm really at a loss as to how to properly investigate this, and would love some assistance. Let's say upper management wants IPs and MACs of the top talkers, what they were doing exactly, etc. What is the best way to obtain this information?
I've been messing around with some NetFlow and SNMP tools this afternoon but none of them seem to give me exactly what I want. I also realize this is probably a lot easier than I am making it, so if someone could please knock some sense into me that would be great.
Comments
steele84
Do you know what the device is connected to? I would contact your systems team and see what is connected to that port, especially if the alarms are happening at the same time of day.
DragonNOA1
Using NBAR on a router comes to mind. Is this a link to another switch/router or directly connected to an endpoint?
wrwarwick
This instance specifically was a trunk link between two switches. We get a variety of alarms in, mostly circuit alarms for overutilization.
Contacting systems could be a step, but first the offending server or device needs to be determined.
Is NetFlow or SNMP not the route I should be taking to verify this information?