Configuring Traffic Storm Control

This topic describes how to configure the Traffic Storm Control feature on a Cisco 1000 Series Integrated Services Router, and contains the following sections:

Information About Traffic Storm Control

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. This feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces.

This feature when configured ensures that the rate does not exceed the configured policer rate. When the traffic exceeds the configured rate, packets are dropped to control the traffic.

Prerequisites for Traffic Storm Control

Ensure that you configure a separate storm control policer for each of the unicast, broadcast, and multicast traffic types. It is important to configure traffic storm control policer for each traffic type. For example, multicast traffic will not be controlled traffic if you do not configure a storm control policer for it. If a storm control policer is not configured for multicast traffic, the traffic load may exceed which is the expected behavior and that adds load to the customer network, especially when this traffic is caused by any misconfiguration or a cyberattack.

Limitations of Traffic Storm Control

  • Only bandwidth as percentage is used to measure traffic activity.

  • Storm control is detected based on interface counter or hardware module reports (depending on the platform).

  • Storm control is specific to physical interfaces.

  • Storm control is only supported for unicast, broadcast, and multicast ingress traffic.

Configuring Traffic Storm Control

Perform the following steps to configure traffic storm control:


Note


Traffic storm control is disabled by default.


Procedure

  Command or Action Purpose

Step 1

enable

Example:

Router>enable 

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Router#configure terminal

Enters global configuration mode.

Step 3

storm-control {unicast | broadcast | multicast} level {level_high}{level_low}

Example:

  • Unicast control

Router(config-if)#storm-control unicast level 70.00 50.00
  • Broadcast Control

Router(config-if)#storm-control broadcast level 70.00 50.00
  • Multicast Control

Router(config-if)#storm-control multicast level 70.00 50.00

Specifies the interface level unicast, broadcast, or multicast storm control suppression level as a percentage of the total bandwidth. Here, the bandwidth is dependent on the operational speed.

Unicast: Configures the known and unknown unicast storm control.

Broadcast: Configures broadcast storm control.

Multicast: Configures multicast storm control.

Level: Specifies the threshold levels for broadcast, multicast, or unicast traffic.

Step 4

storm-control action { shutdown | trap}

Example:

Router(config-if)#storm control action trap

Specifies the action to take when a storm occurs on a port.

The traffic is blocked when it exceeds the threshold specified by configuration level, irrespective of the shutdown or SNMP trap being enabled or disabled.

  • shutdown: The interface enters err-disable state when traffic exceeds the threshold specified by configuration level.

  • trap: The interface sends an SNMP trap event when traffic exceeds the threshold specified by configuration level.

Note

 

You can enable the shutdown and trap actions simultaneously.

Step 5

exit

Exits interface configuration mode and returns the router to global configuration mode.

Example: Configuring a Traffic Storm Control

Example: Configuring a Traffic Storm Control



Router(config)#int gi0/1/0
Router(config-if)#storm-control unicast level 70.00 50.00
Router(config-if)#storm-control broadcast level 70.00 50.00
Router(config-if)#storm-control multicast level 70.00 50.00
Router(config-if)#storm-control action shutdown
Router(config-if)#storm-control action trap

Feature Information for Traffic Storm Control

The following table provides release information about the feature described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1. Feature Information for Traffic Storm Control

Feature Name

Releases

Feature Information

Traffic storm control support on L2 switch ports

Cisco IOS XE Cupertino 17.8.1a Release

  • Starting from Cisco IOS XE Cupertino 17.7.x, Traffic Storm Control is supported on all the existing C11xx (C110x, C111x, C112, C113x, C116x) models.

  • Starting from Cisco IOS XE Cupertino 17.8.x, Traffic Storm Control is supported on C1113 and C1131 series.

Traffic storm control is configured to reduce excessive traffic when packets flood the LAN. Configuring traffic storm control helps in preventing LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces.