- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring VSS
- Configuring the Cisco IOS In-Service Software Upgrade Process
- Configuring the Cisco IOS XE In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Trustsec
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Engine 6L-E
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E and Supervisor Engine 7L-E
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring Cisco IOS Auto Smartport Macros
- Configuring STP and MST
- Configuring Flex Links and MAC Address-Table Move Update
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannel and Link State Tracking
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Location Service
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Bidirection Forwarding Detection
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring MACsec Encryption
- Configuring 802.1X Port-Based Authentication
- Configuring the PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing and Layer 2 Control Packet QoS
- Configuring Dynamic ARP Inspection
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Network Security with ACLs
- Support for IPv6
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring SPAN and RSPAN
- Configuring Wireshark
- Configuring Enhanced Object Tracking
- Configuring System Message Logging
- Configuring OBFL
- Configuring SNMP
- Configuring NetFlow-lite
- Configuring Flexible NetFlow
- Configuring Ethernet OAM and CFM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLA Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- Configuring MIB Support
- ROM Monitor
- Acronyms and Abbreviations
Configuring Storm Control
This chapter describes how to configure port-based traffic control on the Catalyst 4500 series switch.
This chapter consists of these sections:
•Enabling Broadcast Storm Control
•Enabling Multicast Storm Control
•Disabling Broadcast Storm Control
•Disabling Multicast Storm Control
Note For complete syntax and usage information for the switch commands used in this chapter, first look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
About Storm Control
This section contains the following subsections:
•Hardware-Based Storm Control Implementation
•Software-Based Storm Control Implementation
Storm control prevents LAN interfaces from being disrupted by a broadcast storm. A broadcast storm occurs when broadcast packets flood the subnet, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm.
Hardware-Based Storm Control Implementation
Broadcast suppression uses filtering that measures broadcast activity in a subnet over a one-second interval and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of the interval. Broadcast suppression is disabled by default.
Figure 55-1 shows the broadcast traffic patterns on a LAN interface over a given interval. In this example, broadcast suppression occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.
Figure 55-1 Storm Control Example—Hardware-based Implementation
The broadcast suppression threshold numbers and the time interval combination make the broadcast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast packets to pass through.
Broadcast suppression on the Catalyst 4500 series switches is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. If the packet destination address is broadcast, then the broadcast suppression circuitry tracks the current count of broadcasts within the one-second interval, and when a threshold is reached, it filters out subsequent broadcast packets.
Because hardware broadcast suppression uses a bandwidth-based method to measure broadcast activity, the most significant implementation factor is setting the percentage of total available bandwidth that can be used by broadcast traffic. Because packets do not arrive at uniform intervals, the one-second interval during which broadcast activity is measured can affect the behavior of broadcast suppression.
Software-Based Storm Control Implementation
When storm control is enabled on an interface, the switch monitors packets received on the interface and determines whether the packets are broadcast. The switch monitors the number of broadcast packets received within a one-second time interval. When the interface threshold is met, all incoming data traffic on the interface is dropped. This threshold is specified as a percentage of total available bandwidth that can be used by broadcast traffic. If the lower threshold is specified, all data traffic is forwarded as soon as the incoming traffic falls below that threshold.
Enabling Broadcast Storm Control
To enable storm control, perform this task:
The following example shows how to enable storm control on interface:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fa3/1
Switch(config-if)# storm-control broadcast level 50
Switch(config-if)# end
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Fi3/1 Forwarding Enabled Disabled 50.00%
Switch# show int fa2/1 capabilities
FastEthernet2/1
Model: WS-X4148-RJ45V-RJ-45
Type: 10/100BaseTX
Speed: 10,100,auto
Duplex: half,full,auto
Auto-MDIX: no
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100), hw
Multicast suppression: percentage(0-100), hw
Flowcontrol: rx-(none),tx-(none)
VLAN Membership: static, dynamic
Fast Start: yes
CoS rewrite: yes
ToS rewrite: yes
Inline power: yes (Cisco Voice Protocol)
SPAN: source/destination
UDLD: yes
Link Debounce: no
Link Debounce Time: no
Port Security: yes
Dot1x: yes
Maximum MTU: 1552 bytes (Baby Giants)
Multiple Media Types: no
Diagnostic Monitoring: N/A
Enabling Multicast Storm Control
Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, Supervisor Engine 6L-E, Supervisor Engine 7-E, and Supervisor Engine 7L-E support per-interface multicast suppression, which allows you to subject incoming multicast and broadcast traffic to interface-level suppression.
Note Multicast and broadcast suppression share a common threshold per interface. Multicast suppression takes effect only if broadcast suppression is enabled. Disabling broadcast suppression on an interface also disables multicast suppression.
To enable multicast suppression, perform this task:
The following example shows how to enable multicast suppression on ports that have broadcast suppression already enabled:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# int fa3/1
Switch(config-if)# storm-control broadcast include multicast
Switch(config-if)# end
Switch#
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Fi3/1 Forwarding Enabled Enabled 50.00%
Disabling Broadcast Storm Control
To disable storm control, perform this task:
The following example shows how to disable storm control on interface.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# int fa3/1
Switch(config-if)# no storm-control broadcast level
Switch(config-if)# end
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Switch#
Disabling Multicast Storm Control
To disable multicast suppression, perform this task:
Displaying Storm Control
Note Use the show interface capabilities command to determine the mode in which storm control is supported on an interface.
The following example shows an interface that supports broadcast suppression in software (sw):
Switch# show int fa2/1 capabilities
FastEthernet2/1
Model: WS-X4148-RJ45V-RJ-45
Type: 10/100BaseTX
Speed: 10,100,auto
Duplex: half,full,auto
Auto-MDIX: no
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100), hw
Multicast suppression: percentage(0-100), hw
Flowcontrol: rx-(none),tx-(none)
VLAN Membership: static, dynamic
Fast Start: yes
CoS rewrite: yes
ToS rewrite: yes
Inline power: yes (Cisco Voice Protocol)
SPAN: source/destination
UDLD: yes
Link Debounce: no
Link Debounce Time: no
Port Security: yes
Dot1x: yes
Maximum MTU: 1552 bytes (Baby Giants)
Multiple Media Types: no
Diagnostic Monitoring: N/A
Note Use the show interfaces counters storm-control command to display a count of discarded packets.
Switch# show interfaces counters storm-control
Port Broadcast Multicast Level TotalSuppressedPackets
Fa2/1 Enabled Disabled 10.00% 46516510
Gi3/1 Enabled Enabled 50.00% 0
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Fa2/1 Blocking Enabled Disabled 10.00%
Gi3/1 Link Down Enabled Enabled 50.00%