We have about 400 switches (L2 / L3) consisting of a traditional Cisco model (Core, Distribution, Access). Core and Distribution consist of 6500's with a mixture of Sup1/2/720's. The bulk of the switching kit exists at the access layer consisting of approximately 380 Cisco 2950's.
A single Layer 2 vlan has been cofnigured across all devices (legacy) for management. CiscoWorks LMS2.6 (with all latest patches / updates) sits on this VLAN and does what it does.
I have been investigating the possibility of using DFM as more of a real time alerting tool and have began reducing the Polling Parameters for Reachability and Environment.
After reducing the reachability poll to 30 secs, and environment to 180 secs, I have observed intermittent network outages on the management VLAN which lasts for a maximum of 1 minute. Is DFM polling too much and somehow causing a saturation on the VLAN ?
The problems have only started since I began reducing the polling timers. Changing them back to default eliminates the issue.
I am expecting too much from DFM ? Was it never intended to operate as a realtime polling tool ? and finally, does Cisco (or anyone else) have any recommendations for polling parameters ?
Thanks in advance.
I would say you're expecting too much from DFM. It was not designed to be a real-time agressive polling tool. To compensate for this, is does handle some device traps to provide a more instantaneous look at potential device health problems (see http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/dfm/dfm206/ug/trapfwd.htm for a list of traps DFM can handle).
However, I don't think you're saturating the VLAN. It is more likely the device is throttling the SNMP. I think leaving environment polling at 180 seconds is fine. I would bump up the reachability polling to at 90 seconds, then rely on traps for other problems with reachability.