Troubleshooting Help
wrwarwick
Member Posts: 104
in CCNA & CCENT
This is a work related question, but I figured it could help out anyone studying for an exam.
Here's the typical situation that happens at work:
Our team gets notified by the monitoring center that a specific interface has went into an alarm status. For example, Gi0/5 has been 85% utilized for the last hour, please investigate.
I'm really at a loss as to how to properly investigate this, and would love some assistance. Let's say upper management wants IPs and MACs of the top talkers, what they were doing exactly, etc. What is the best way to obtain this information?
I've been messing around with some NetFlow and SNMP tools this afternoon but none of them seem to give me exactly what I want. I also realize this is probably a lot easier than I am making it, so if someone could please knock some sense into me that would be great.
Here's the typical situation that happens at work:
Our team gets notified by the monitoring center that a specific interface has went into an alarm status. For example, Gi0/5 has been 85% utilized for the last hour, please investigate.
I'm really at a loss as to how to properly investigate this, and would love some assistance. Let's say upper management wants IPs and MACs of the top talkers, what they were doing exactly, etc. What is the best way to obtain this information?
I've been messing around with some NetFlow and SNMP tools this afternoon but none of them seem to give me exactly what I want. I also realize this is probably a lot easier than I am making it, so if someone could please knock some sense into me that would be great.
Comments
-
steele84
Member Posts: 62 ■■□□□□□□□□
Do you know what the device is connected to, I would contact your systems team and see what is connected to that port. Especially if the timing of the alarms are happening at the same time of the day.“What lies behind us and what lies before us are tiny matters compared to what lies within us.”
― Ralph Waldo Emerson -
DragonNOA1
Member Posts: 149 ■■■□□□□□□□
Using NBAR on a router comes to mind. Is this a link to another switch/router or directly connected to an endpoint?The command line, an elegant weapon for a more civilized age -
wrwarwick
Member Posts: 104
This instance specifically was a trunk link between two switches. We get a variety of alarms in, mostly circuit alarms for over utilization.
Contacting systems could be a step, but first the offending server or device needs to be determined.
Is NetFlow or SNMP not the route I should be taking to verify this information?