Monitor Size of the CAM Table on a Cisco Switch

monitoring networking snmp cisco

Do you have a sense of the size and frequency of the flooded packets - or a particular VLAN, for that matter? One common phenomenon is unicast flooding due to the mismatch of CAM and ARP timers. If CAM ages out but the corresponding ARP entry is still there then the switch will flood these frames. I've seen circumstances where this has resulted in literally gigabits of traffic showing up places it wasn't supposed to. There have also been circumstances where this correlated with CEF also losing entries - which then manifests as CPU issues on many platforms.

As far as pulling the address count via SNMP - check out this page: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a9b.shtml . It's slightly painful, but the mechanism is to pull the list of VLAN's and then to pull a list of CAM table addresses per VLAN and count accordingly. On the plus side it will give you a clue about where to look if there is actually a sudden proliferation of addresses somewhere.

You could also simply call "sh mac address-table count" either via ssh or a periodic EEM script that would then transmit the result back via e-mail, syslog, trap, etc.. This is dependent on the hardware platform and code rev, though.

Related

How to export all System event logs of a definite time period
Google c2dm transient 401 errors on some AWS instances
Enterprise IPv6 Migration - End of proxypac ? Start of Point-to-Point ? +10K users
Track bandwith usage by application
SQL Server 2008 R2 cluster, "available storage" shows "offline"
Apache won't upgrade connection to TLS
Varnish config rules to cache large MP3 and PDF files?
Reset DRAC to factory defaults
Squid causing websocket issues
How to upgrade module located inside initramfs?
Offline WSUS delta updates
Add static route through DHCP