Threshold Crossing Alert Configuration
Threshold Crossing Alerts (TCAs) monitor specific MIB variables or counters, and generate SNMP traps when object values cross defined thresholds. Three types of TCAs are supported:
- IKE Failed Authentication (monitors IKE negotiation counters)
- IPsec Tunnel Removal (monitors IPsec tunnel counters)
- Dead Peer Detections (monitors DPD protocol counters)
Threshold levels, listed in order of increasing importance are clear, minor, major, and critical. Each threshold level is user-configurable and is accompanied by a associated reset-counter, also user-configurable, which prevents the issue of extraneous SNMP traps when a counter is bouncing across threshold values.
A threshold crossing event occurs when the associated counter value rises above the next-highest threshold value, or when the associated counter value falls below the next-lowest reset-threshold value. An SNMP trap, raising the alert level, is generated as soon as the counter value exceeds the next-highest threshold. An SNMP trap, lowering the alert level, occurs only during a check period when the TCA examines all counter values. Such check periods occur at 100 second intervals.
The following scenario illustrates TCA operations. The sample TCA, ike-tca-group, monitors the count of dead IKEv2 peers. Threshold and reset values are shown. A minor alarm threshold and its associated reset threshold have not been configured.
nameike-tca-group
tca-typeike-dpd
critical100
reset-critical90
major80
reset-major50
minor0
reset-minor0
t=time
t=0 ike-dpd counter= 30 ike-dpd alert level=clear
t=1 ike-dpd counter= 60 ike-dpd alert level=clear
t=2 ike-dpd counter= 80 ike-dpd alert level=major trap sent
t=3 ike-dpd counter= 95 ike-dpd alert level=major
t=4 ike-dpd counter=100 ike-dpd alert level=critical trap sent
t=5 ike-dpd counter=120 ike-dpd alert level=critical
t=6 ike-dpd counter= 99 ike-dpd alert level=critical
t=7 ike-dpd counter= 90 ike-dpd alert level=major trap sent
t=8 ike-dpd counter= 60 ike-dpd alert level=major
t=9 ike-dpd counter= 0 ike-dpd alert level=clear trap sent
Use the following procedure to configure TCAs.