Allied Telesis Layer 3 Switches Network Manual page 5

Managed layer 3 switches

Using QoS policy-based storm protection
Policy-based storm protection lets you specify one of a
range of actions for the switch to take when it detects a
broadcast storm. It is a part of the QoS functionality.
Policy-based storm protection is more powerful than simple
bandwidth limiting. It lets you restrict storm damage to
within the storming VLAN, and it gives you the flexibility to
define what traffic rate makes a broadcast storm.
Configuration
To use storm protection:

1. Turn on the switch enhanced mode qoscounters, unless it is already enabled. After this, you need to restart the switch.
2. Create a classifier to match the desired traffic. To match all broadcast packets, specify a destination MAC address of ff-ff-ff-ff-ff-ff.
3. Create a QoS traffic class and define the following storm protection settings in it:
   - Window (stormwindow) specifies how often the switch measures traffic to decide whether to activate storm protection (in seconds).
   - Rate (stormrate) specifies the amount of traffic per second that must be exceeded before the switch takes action.
   - Action (stormaction) specifies what the switch does when it detects a storm:
     - Link Down (linkdown) makes the switch physically disable the port on which the storm is occurring, so that the link goes down.
     - Port Disable (portdisable) makes the switch logically disable the port on which the storm is occurring, leaving the link up.
     - VLAN Disable (vlandisable) makes the switch block traffic only on the VLAN on which the storm is occurring.
   - Timeout (stormtimeout) specifies the number of seconds that the port remains disabled for.
4. Create the rest of the QoS framework: a flow group and policy. Add the classifier to the flow group, the flow group to the traffic class, and the traffic class to the policy.
5. Apply the policy, and therefore the storm protection, to one or more ports.

The procedure above applies storm protection to classified traffic, and uses a classifier to select all broadcast traffic. This is the most common approach. If you want to, you can instead classify to select important non-broadcast traffic and apply storm protection to unmatched traffic. Unimportant or unwanted unicast and multicast traffic then counts towards the storm calculations.

To apply storm protection to unclassified traffic, configure storm protection on the default traffic class in the QoS policy settings. Use the parameters dtcstormwindow, dtcstormrate, dtcstormaction, and dtcstormtimeout.

Create A Secure Network With Allied Telesis Managed Layer 3 Switches
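
The five configuration steps as one AlliedWare command script, added here as an illustration and not taken from the original manual. The ID numbers, the port number and the storm values are constructed samples, and the command syntax (including stormstatus=enable and restart reboot) is an assumption to confirm against the command reference for your software release.

```alliedware
# Added example: sample IDs, port and values; verify syntax, units and
# ranges against the command reference before use.

# Step 1: turn on enhanced mode qoscounters, then restart the switch
# so that the mode takes effect.
set switch enhancedmode=qoscounters
restart reboot

# Step 2: classifier 1 matches every broadcast frame by its
# destination MAC address.
create classifier=1 macdaddr=ff-ff-ff-ff-ff-ff

# Step 3: traffic class 1 carries the storm protection settings.
# portdisable logically disables the storming port and leaves the link up;
# linkdown and vlandisable are the other actions described above.
create qos trafficclass=1 stormstatus=enable stormwindow=100 stormrate=1M stormaction=portdisable stormtimeout=60

# Step 4: build the rest of the QoS framework and chain it together:
# classifier -> flow group -> traffic class -> policy.
create qos flowgroup=1
add qos flowgroup=1 classifier=1
add qos trafficclass=1 flowgroup=1
create qos policy=1
add qos policy=1 trafficclass=1

# Step 5: apply the policy, and with it the storm protection, to a port.
set qos port=1 policy=1
```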
Protecting the network
Products
AT-8948
x900-48 Series
AT-9900 Series
AT-9924Ts
x900-24 Series
Software Versions
2.8.1 and later