Understanding Fault Mode in Network Director
The Fault mode shows you information about the health of your network and changing conditions of your equipment. Use Fault mode to find problems with equipment, pinpoint security attacks, or to analyze trends and categories of errors.
This topic describes:
What are Events and Alarms?
Activity on a network device consists of a series of events. A software component on the network device, called an entity, is responsible for running the Simple Network Management Protocol (SNMP) to log and monitor these events. When certain types of events are persistent, or when the condition causing the event crosses a threshold, SNMP sends a notification, also called a trap to Network Director. Network Director correlates traps, describing a condition, into an alarm . For example, multiple power supply traps coming from a device are correlated into a single power supply alarm for the device.
There are many types of alarms. An alarm can be as routine as when the device changes state or as serious as when a power supply has failed. When an alarm is sent, or raised, it stays raised until the triggering condition is resolved or cleared. The system can clear the alarm when the state changes again or an administrator can clear it manually, which indicates that the condition is now resolved.
SNMP also plays another role in Network Director. Enabling devices for SNMP with the appropriate read-only V1/V2/V3 credentials, can speed up device discovery.
Alarm Severity
Alarms are ranked by their impact to the network. The following list shows the ranking in Network Director from most impact to least impact on the network. It also shows the color scheme associated with each level of severity that is reflected in related graphs.
Critical (Red) | — | A critical condition exists; immediate action is necessary. |
Major (Orange) | — | A major error has occurred; escalate or notify as necessary. |
Minor (Yellow) | — | A minor error has occurred; notify or monitor the condition. |
Info (Blue) | — | An informational message; no action is necessary. Informational alarms do not necessarily indicate an error. It could indicate that a device or entity has changed state. |
Administrators can override the default severity of an alarm and set the severity to match their inhouse guidelines. Changing the severity level for an alarm is done on the Alarm Settings page in system Preferences.
Alarm Classification
Network Director organizes alarms into categories so you can view trends in the types of errors occurring on a network. These categories, shown in Table 1 are derived from the SNMP Management Information Base (MIB) that is the information database or module containing the trap information for the event.
Table 1: Network Director Alarm Classifications
Category | Description |
|---|---|
APAndRadio | Indicates alarms for access points and their radios. These alarms are generated from access points. |
BFD | Indicates alarms for Bidirectional Forwarding Detection sessions. These alarms are generated from EX Series switches. |
BGP | Indicates alarms for Border Gateway Protocol, Version 4. |
Chassis | Indicates alarms for switch hardware, in this case, EX Series switches. |
ClientAndUserSession | Indicates alarms for wireless clients. |
ClusterAndModo | Indicates alarms about wireless network clusters and mobility domains. |
Config | Indicates alarms for configuration management. |
CoreAndControllers | Indicate device alarms. |
CoS | Indicates class of service alarms. |
DHCP | Indicates local server DHCP alarms. |
DOM | Indicates Digital Optical Monitoring alarms that are generated from optical interfaces. |
FlowCollection | Indicates alarms generated when collecting and exporting traffic flows. |
General | Indicates alarms that are common to all network devices, such as link up/down or authentication. |
GenericEvent | Indicates an alarm that is generated from an Op script or event policies. |
L2ALD | Indicates MAC address alarms generated from the Layer 2 Address Learning Daemon (L2ALD). |
L2CP | Indicates alarms generated by Layer 2 Control Protocol features. |
MACFDB | Indicates an alarm for when MAC addresses are learned or removed from the forwarding database of the monitored device. |
Misc | Indicates alarms that do not fit into the other categories. |
PassiveMonitoring | Indicates alarms that occur on a passive monitoring interface. |
Ping | Indicates alarms that a generated during a Ping request. |
RFDETECT | Indicates alarms from radio frequency conditions. These alarms are generated from wireless controllers. |
RMON | Indicates RMON alarms |
SONET | Indicates a SONET or SDH alarm on an interface. |
SONET APS | Indicates alarms generated on a SONET interface that participates in Automatic Protection Switching (APS). |
VirtualChassis | Indicates alarms generated from Virtual Chassis members regarding member or port status. |
VNETWORK | Indicates virtual networking alarms. |
Alarm State
Once an alarm is active, it has one of these states:
- Active—Alarms that are current and not yet acknowledged or cleared.
- Cleared—Alarms that are resolved and the device or entity has returned to normal operation.
Some alarm states go directly from active to cleared state and require little to no administrative effort. However, other alarms with a high severity should be acknowledged and investigated.
In addition to acknowledging and clearing an alarm, you can assign an alarm to someone and you can append a note or annotation to an alarm. Annotations are helpful for documenting the resolution of an alarm or time estimates for a fix. Changes to an alarm’s state are made through the Alarm State monitor in Fault mode.
