Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Using Fault Management Monitors

 

The Fault mode shows you information about the health of your network and changing conditions of your equipment. Use Fault mode to find problems with equipment, pinpoint security attacks, or to analyze trends and categories of errors.

This topic describes:

What Are Events and Alarms?

Activity on a network device consists of a series of events. A software component on the network device, called an entity, is responsible for running the Simple Network Management Protocol (SNMP) to log and monitor these events. When certain types of events are persistent, or when the condition causing the event crosses a threshold, SNMP sends a notification, also called a trap to Connectivity Services Director. Connectivity Services Director correlates traps, describing a condition, into an alarm . For example, multiple power supply traps coming from a device are correlated into a single power supply alarm for the device.

There are many types of alarms. An alarm can be as routine as when the device changes state or as serious as when a power supply has failed. When an alarm is sent, or raised, it stays raised until the triggering condition is resolved or cleared. The system can clear the alarm when the state changes again or an administrator can clear it manually, which indicates that the condition is now resolved.

SNMP also plays another role in Connectivity Services Director. Enabling devices for SNMP with the appropriate read-only V1/V2/V3 credentials, can speed up device discovery.

Alarm Severity

Alarms are ranked by their impact to the network. The following list shows the ranking of alarms in Connectivity Services Director from alarms that have the most impact to alarms that have the least impact on the network. It also shows the color scheme associated with each level of severity that is reflected in related graphs.

Critical (Red)A critical condition exists; immediate action is necessary.
Major (Orange)A major error has occurred; escalate or notify as necessary.
Minor (Yellow)A minor error has occurred; notify or monitor the condition.
Info (Blue)An informational message; no action is necessary. Informational alarms do not necessarily indicate an error. It could indicate that a device or entity has changed state.

Administrators can override the default severity of an alarm and set the severity to match their inhouse guidelines. Changing the severity level for an alarm is done on the Fault tab of System Preferences.

Alarm Classification

Connectivity Services Director organizes alarms into categories so you can view trends in the types of errors occurring on a network. These categories, shown in Table 1 are derived from the SNMP Management Information Base (MIB) that is the information database or module containing the trap information for the event.

Table 1: Connectivity Services Director Alarm Classifications

Category

Description

BFD

Indicates alarms for Bidirectional Forwarding Detection sessions. These alarms are generated from routing devices.

BGP

Indicates alarms for BGP4.

Chassis

Indicates alarms for device hardware, in this case, routers.

Cluster/Modo

Indicates alarms about wireless network clusters and mobility domains.

Configuration

Indicates alarms for configuration management.

Controllers

Indicate device alarms.

CoS

Indicates class of service alarms.

DHCP

Indicates local server DHCP alarms.

DOM

Indicates Digital Optical Monitoring alarms that are generated from optical interfaces.

General

Indicates alarms that are common to all network devices, such as link up/down or authentication.

L2ALD

Indicates MAC address alarms generated from the Layer 2 Address Learning Daemon (L2ALD).

L2CP

Indicates alarms generated by Layer 2 Control Protocol features.

MACFDB

Indicates an alarm for when MAC addresses are learned or removed from the forwarding database of the monitored device.

Misc

Indicates alarms that do not fit into the other categories.

Network Service

Indicates alarms generated when LSP or VPN services are impacted

PassiveMonitoring

Indicates alarms that occur on a passive monitoring interface.

Ping

Indicates alarms that a generated during a Ping request.

RMon

Indicates RMON alarms

Alarm State

Once an alarm is active, it has one of these states:

  • Active—Alarms that are current and not yet acknowledged or cleared.

  • Cleared—Alarms that are resolved and the device or entity has returned to normal operation.

Some alarm states go directly from active to cleared state and require little to no administrative effort. However, other alarms with a high severity should be acknowledged and investigated.

In addition to acknowledging and clearing an alarm, you can assign an alarm to someone and you can append a note or annotation to an alarm. Annotations are helpful for documenting the resolution of an alarm or time estimates for a fix. Changes to an alarm’s state are made through the Alarm State monitor in Fault mode.

Alarm Notifications

Alarms can be enabled for email notification. When an alarm with notification enabled is generated, an email is sent to a set of specified addresses. There is a list of global email addresses that receive notifications from all alarms with notification enabled. Each alarm type can also have a list of addresses that receive notification when that alarm type is generated. Administrators can enable notification for alarm types and specify addresses to receive email notifications. These tasks are done on the Fault tab of System Preferences.