Broadcast storms can easily disrupt entire networks. They spread a layer 2 broadcast domain on the inside out. This can flat networks the entire network to be in, or in modern networks, a VLAN. A broadcast storm can disturb Router (high CPU load) and thus lead beyond the boundaries of a VLAN to disturbances.
The typical pays for a broadcast tower is the little switch in the office or on the conference table. Is there a mistake loop (Loop patched), this switch to the traffic generator.
The red wire on the small 3Com switch creates a loop on the second Layer The switch floods by the central switches on the green cable with all the broadcasts, multicasts and unicasts an unknown recipient.
Storm Control Setup
Cisco IOS offers Storm Control feature with the ability to broadcast, multicast and unicast storms to respond. The thresholds for the detection of a storm can be in bits per second, packets per second or percent of the bandwidth are given. In the following example, the threshold for FastEthernet0 / 1 to 100 packets per second for broadcast and 500 packets per second set for multicasts. If any of these are exceeded, the interface is disabled.
interface FastEthernet0 / 1
storm-control broadcast level 100 pps
storm-control multicast level 500 pps
storm-control action shutdown
Watch the multicast and broadcast rate of an interface in normal mode and then set out the threshold values. Without the command storm-control action shutdown would switch the traffic to filter (block only). In addition, the switch can send a trap. The following is configured to limit multicast to 100 kbit / s and sends a trap at the onset of this condition.
errdisable recovery cause storm-control
interface FastEthernet0 / 1
storm-control broadcast level 100 pps
storm-control multicast level 100k bps
storm-control action shutdown
storm-control action trap
A broadcast storm on the console looks like this:
Switch #
03:16:27:% PM-4-ERR_DISABLE: storm-control error detected on Fa0 / 1, Fa0 / 1 putting in err-disable state
Switch #
03:16:27:% STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Fa0 / 1 The interface has been disabled.
Switch #
Switch # show storm-control
Interface Filter State Upper Lower Current
--------- ------------- ----------- ----------- ------ ----
Fa0 / 1 Link Down 100 pps 100 pps pps 0
Switch #
03:21:20:% PM-4-ERR_RECOVER: Attempting to recover from storm-err-disable state control on Fa0 / 1
Switch #
03:21:23:% PM-4-ERR_DISABLE: storm-control error detected on Fa0 / 1, Fa0 / 1 putting in err-disable state
The interface is disabled and the storm may disrupt the network is not. With show storm-control admin can view the current state of the. In the above example, the switch tries to five minutes to re-enable the interface.
Storm control for multicast and broadcast Edge ports of a network should be activated at all. In flat networks or with intensive use of a multicast application must be adapted to the threshold values to avoid false alarms.
errdisable recovery cause storm-control
interface FastEthernet0 / 1
storm-control broadcast level 100 pps
storm-control multicast level 500k bps
storm-control action shutdown
storm-control action trap
Storm Control for Unicast could at public ports (network access for guests) to be interesting.