Storm Control

What is Storm Control?

CCNP 300-115 Switch
– 2.0 Infrastructure Security
– – 2.1f Storm Control

Storm control is a security feature that prevents LAN storm attacks by monitoring the rate of traffic on each port.

What is a LAN storm attack? A LAN storm attack is when all ports in the same VLAN are flooded with broadcast, multicast, or unicast packets.

How can a broadcast storm be a problem? Every time a NIC receives a broadcast, multicast, or unicast packet it has to hand it to the CPU to be processed. Sending excessive broadcast traffic can push the host CPU up to 100% utilization.

Storm control is configured on a per-port basis; it is not configured globally.

When you configure storm control you have to specify what kind of traffic you want to monitor: broadcast, multicast, or unicast.

If you want to monitor traffic as a percentage of bandwidth, all platforms support this. If you want to monitor traffic by rate instead (packets per second, bits per second, or packets per second of small frames only), only some platforms support this.

Enable storm control and choose when it will be triggered (the level at which a storm is declared):

switch(config-if)#storm-control broadcast level 65.5
switch(config-if)#storm-control multicast level pps 3k 2k

Choose what happens when the specified level is reached. The default action is to drop frames:

switch(config-if)#storm-control action shutdown
(or trap)

Verify storm control configuration using the following command:

switch#show storm-control

When storm control on an interface is set to the shutdown action and the traffic level reaches the configured threshold, the port is put into the err-disabled state.

You can configure automatic recovery from that state with the following:

switch(config)#errdisable recovery cause storm-control
switch(config)#errdisable recovery interval <30-86400>
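The steps above pulled together into one per-port configuration, added here as an example rather than taken from the original notes. It also shows the optional falling threshold and the recovery timer; the interface name, VLAN and threshold values are assumptions chosen for illustration.

```cisco
! Constructed example: an access port facing an end host.
! Interface, VLAN and thresholds are assumptions, not from the original notes.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 ! Broadcast: start suppressing when broadcast exceeds 20% of link
 ! bandwidth, resume forwarding once it falls back below 10%.
 storm-control broadcast level 20.00 10.00
 ! Multicast: packets-per-second thresholds (rising 3k, falling 2k).
 ! pps thresholds only exist on platforms that support rate-based levels.
 storm-control multicast level pps 3k 2k
 ! Unicast: high thresholds so only a genuine flood trips it.
 storm-control unicast level 80.00 70.00
 ! On crossing a rising threshold: excess traffic is still dropped
 ! (the default) and an SNMP trap is sent. "storm-control action shutdown"
 ! would err-disable the port instead.
 storm-control action trap
!
! Let ports that storm control has err-disabled recover on their own
! after 300 seconds instead of a manual shutdown / no shutdown.
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! Verify from exec mode with:
!   show storm-control GigabitEthernet1/0/10
!   show errdisable recovery
```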