Understanding Fault Mode in Network Director
The Fault mode shows you information about the health of your network and changing conditions of your equipment. Use Fault mode to find problems with equipment, pinpoint security attacks, or to analyze trends and categories of errors.
This topic describes:
What Are Events and Alarms?
Activity on a network device consists of a series of events. A software component on the network device, called an entity, is responsible for running the Simple Network Management Protocol (SNMP) to log and monitor these events. When certain types of events are persistent, or when the condition causing the event crosses a threshold, SNMP sends a notification, also called a trap to Network Director. Network Director correlates traps, describing a condition, into an alarm . For example, multiple power supply traps coming from a device are correlated into a single power supply alarm for the device.
There are many types of alarms. An alarm can be as routine as when the device changes state or as serious as when a power supply has failed. When an alarm is sent, or raised, it stays raised until the triggering condition is resolved or cleared. The system can clear the alarm when the state changes again or an administrator can clear it manually, which indicates that the condition is now resolved.
SNMP also plays another role in Network Director. Enabling devices for SNMP with the appropriate read-only V1/V2/V3 credentials, can speed up device discovery.
Alarms are ranked by their impact to the network. The following list shows the ranking of alarms in Network Director from alarms that have the most impact to alarms that have the least impact on the network. It also shows the color scheme associated with each level of severity that is reflected in related graphs.
Administrators can override the default severity of an alarm and set the severity to match their inhouse guidelines. Changing the severity level for an alarm is done on the Fault tab of System Preferences.
Network Director organizes alarms into categories so you can view trends in the types of errors occurring on a network. These categories, shown in Table 1 are derived from the SNMP Management Information Base (MIB) that is the information database or module containing the trap information for the event.
Table 1: Network Director Alarm Classifications
Indicates alarms for access points and their radios. These alarms are generated from access points.
Indicates alarms for Bidirectional Forwarding Detection sessions. These alarms are generated from EX Series switches.
Indicates alarms for BGP4.
Indicates alarms for switch hardware, in this case, EX Series switches.
Indicates alarms for wireless clients.
Indicates alarms about wireless network clusters and mobility domains.
Indicates alarms for configuration management.
Indicate device alarms.
Indicates class of service alarms.
Indicates local server DHCP alarms.
Indicates Digital Optical Monitoring alarms that are generated from optical interfaces.
Indicates alarms generated when collecting and exporting traffic flows.
Indicates alarms that are common to all network devices, such as link up/down or authentication.
Indicates an alarm that is generated from an Op script or event policies.
Indicates MAC address alarms generated from the Layer 2 Address Learning Daemon (L2ALD).
Indicates alarms generated by Layer 2 Control Protocol features.
Indicates an alarm for when MAC addresses are learned or removed from the forwarding database of the monitored device.
Indicates alarms that do not fit into the other categories.
Indicates alarms that occur on a passive monitoring interface.
Indicates alarms that a generated during a Ping request.
Indicates alarms from radio frequency conditions. These alarms are generated from wireless controllers.
Indicates RMON alarms
Indicates a SONET or SDH alarm on an interface.
Indicates alarms generated on a SONET interface that participates in Automatic Protection Switching (APS).
Indicates alarms generated from Virtual Chassis members regarding member or port status.
Indicates virtual networking alarms.
Once an alarm is active, it has one of these states:
Active—Alarms that are current and not yet acknowledged or cleared.
Cleared—Alarms that are resolved and the device or entity has returned to normal operation.
Some alarm states go directly from active to cleared state and require little to no administrative effort. However, other alarms with a high severity should be acknowledged and investigated.
In addition to acknowledging and clearing an alarm, you can assign an alarm to someone and you can append a note or annotation to an alarm. Annotations are helpful for documenting the resolution of an alarm or time estimates for a fix. Changes to an alarm’s state are made through the Alarm State monitor in Fault mode.
Alarms can be enabled for email notification. When an alarm with notification enabled is generated, an email is sent to a set of specified addresses. There is a list of global email addresses that receive notifications from all alarms with notification enabled. Each alarm type can also have a list of addresses that receive notification when that alarm type is generated. Administrators can enable notification for alarm types and specify addresses to receive email notifications. These tasks are done on the Fault tab of System Preferences.
Threshold alarms are alarms that are generated when a monitored value crosses the configured threshold. They provide enhanced visibility into potential issues on the network. Administrators configure and manage threshold alarms the same way as other alarms, and can set the threshold level of individual threshold alarms on the Fault tab of System Preferences.