The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This topic describes how to configure the Traffic Storm Control feature on a Cisco 8100 Series Secure Routers, and contains the following sections:
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. This feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces.
This feature when configured ensures that the rate does not exceed the configured policer rate. When the traffic exceeds the configured rate, packets are dropped to control the traffic.
Ensure that you configure a separate storm control policer for each of the unicast, broadcast, and multicast traffic types. It is important to configure traffic storm control policer for each traffic type. For example, multicast traffic will not be controlled traffic if you do not configure a storm control policer for it. If a storm control policer is not configured for multicast traffic, the traffic load may exceed which is the expected behavior and that adds load to the customer network, especially when this traffic is caused by any misconfiguration or a cyberattack.
Only bandwidth as percentage is used to measure traffic activity.
Storm control is detected based on interface counter or hardware module reports (depending on the platform).
Storm control is specific to physical interfaces.
Storm control is only supported for unicast, broadcast, and multicast ingress traffic.
Perform the following steps to configure traffic storm control:
 Note |
Traffic storm control is disabled by default. |
| Command or Action | Purpose | |||
|---|---|---|---|---|
|
Step 1 |
enable Example: |
Enables privileged EXEC mode. Enter your password, if prompted. |
||
|
Step 2 |
configure terminal Example: |
Enters global configuration mode. |
||
|
Step 3 |
storm-control {unicast | broadcast | multicast} level {level_high}{level_low} Example:
|
Specifies the interface level unicast, broadcast, or multicast storm control suppression level as a percentage of the total bandwidth. Here, the bandwidth is dependent on the operational speed. Unicast: Configures the known and unknown unicast storm control. Broadcast: Configures broadcast storm control. Multicast: Configures multicast storm control. Level: Specifies the threshold levels for broadcast, multicast, or unicast traffic. |
||
|
Step 4 |
storm-control action { shutdown | trap} Example: |
Specifies the action to take when a storm occurs on a port. The traffic is blocked when it exceeds the threshold specified by configuration level, irrespective of the shutdown or SNMP trap being enabled or disabled.
|
||
|
Step 5 |
exit |
Exits interface configuration mode and returns the router to global configuration mode. |
Router(config)#int gi0/1/0
Router(config-if)#storm-control unicast level 70.00 50.00
Router(config-if)#storm-control broadcast level 70.00 50.00
Router(config-if)#storm-control multicast level 70.00 50.00
Router(config-if)#storm-control action shutdown
Router(config-if)#storm-control action trap
Feedback