This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Which interfaces are you monitoring on your switches?

FormerMember
FormerMember


I am just looking for a little advice on what interfaces are important to monitor on a switch.  We are currently monitoring the uplink interfaces on each switch.  The interfaces that we are monitoring have "sflow forwarding" enabled (foundry uses 'sflow') on the switch itself.  Are there any other interfaces that should be monitored?  I know it is a hard question to answer since you don't know our infrastructure.  What interfaces are of importance to your company/work?  Thanks in advance!

  • I monitor:

    a) interfaces that are pointing towards other monitored nodes using LLDP

    i.e. these (SWQL custom query resource):

    SELECT n1.ipaddress, LocalPortNumber, RemoteSystemName, RemotePortDescription

    FROM Orion.NodeLldpEntry NLE inner join orion.nodes N1

    on NLE.nodeid=n1.nodeid

    inner join orion.nodes N2

    on NLE.remotesystemname=n2.SysName

    left outer join Orion.NPM.Interfaces i

    on i.interfaceindex = nle.localportnumber and i.nodeid=nle.nodeid

    where i.interfaceid is null

    and nle.localportnumber<>0

    b) interfaces that are pointing towards the spanning-tree root

    (I haven't figured out which interfaces these are in solarwinds, and I mostly don't care because LLDP provides the right information.)

    c) all interfaces ON the spanning-tree root (because in my environment this is an aggregation switch and this should only be interfaces pointing towards edge switches or the routers.

    d) Unfortunately we have many (probably over 5000) users who have connected their own switch, otherwise I'd suggest interfaces that have more than one MAC address in the bridge table, since that probably points to a switch that should be monitored, or a VM host, or a switch fabric inside a blade chassis.

  • I monitor uplink ports and any ports that have something worth monitoring connected such as servers etc.

  • All physical ports with all except uplinks set to unpluggable.

    VLan ports because that's where our netflow is reporting from.

    maybe I should monitor loopback since its the trap source but I did not find it likely that loopback would be explicitly shutdown, node still polling, but not sending traps.

  • Similar to superfly99, typically WAN ports, uplink/trunk ports, and ports connected to important servers/devices.