Information About Storm Control; Storm Control; How Traffic Activity Is Measured - Cisco Catalyst 2960-X Security Configuration Manual

Cisco IOS Release 15.0(2)EX

Information About Storm Control

Storm Control

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.

Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

How Traffic Activity is Measured

Storm control uses one of these methods to measure traffic activity:
• Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
• Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received
• Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received
• Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface.

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.

Note: When the storm control threshold for multicast traffic is reached, all multicast traffic except control traffic, such as bridge protocol data unit (BPDU) and Cisco Discovery Protocol (CDP) frames, is blocked. However, the switch does not differentiate between routing updates, such as OSPF, and regular multicast data traffic, so both types of traffic are blocked.

Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Configuring Port-Based Traffic Control
OL-29048-01
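
The rising and falling suppression levels described above behave as a hysteresis loop. The following Python sketch is an added example, not part of the Cisco guide and not the switch's implementation: it assumes one blocking decision per 1-second interval for a single traffic type, runs over a constructed series of rate samples, and compares a port configured with a falling level against one configured with a rising level only.

```python
"""Model of the rising/falling suppression levels (added example).

Assumption: one decision per 1-second interval for a single traffic type;
this is a simplification, not the switch's implementation.
"""
from typing import Iterable, List, Optional


def storm_control(rates: Iterable[float], rising: float,
                  falling: Optional[float] = None) -> List[bool]:
    """Return, per interval, True while the port blocks that traffic type.

    rates   -- measured rate per interval (percent, pps or bps)
    rising  -- rising suppression level
    falling -- falling suppression level; if omitted, the port unblocks
               once the rate drops below the rising level
    """
    release = rising if falling is None else falling
    if release > rising:
        raise ValueError("falling level must not exceed rising level")
    blocked, states = False, []
    for rate in rates:
        if not blocked and rate >= rising:
            blocked = True    # rising threshold reached: start blocking
        elif blocked and rate < release:
            blocked = False   # below the release level: resume forwarding
        states.append(blocked)
    return states


def transitions(states: List[bool]) -> int:
    """Count forwarding/blocking changes, a measure of port flapping."""
    return sum(1 for a, b in zip(states, states[1:]) if a != b)


# Constructed sample: broadcast rate as a percentage of port bandwidth,
# one value per second; the storm hovers around 20% and then dies out.
SAMPLE = [5, 12, 22, 19, 21, 18, 23, 15, 12, 9, 6, 5]

if __name__ == "__main__":
    for label, low in (("rising 20, falling 10", 10), ("rising 20 only", None)):
        s = storm_control(SAMPLE, rising=20, falling=low)
        timeline = "".join("B" if b else "." for b in s)
        print(f"{label:22} {timeline} transitions={transitions(s)}")
```

With the falling level set, the port stays blocked for seven consecutive seconds; with the rising level only, the same samples produce three separate one-second blocks as the rate crosses 20% back and forth.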
