Configuring Storm Control


This chapter describes how to configure port-based traffic control on the Catalyst 4500 series switch.

This chapter consists of these sections:

About Storm Control

Enabling Broadcast Storm Control

Enabling Multicast Storm Control

Disabling Broadcast Storm Control

Disabling Multicast Storm Control

Displaying Storm Control


Note For complete syntax and usage information for the switch commands used in this chapter, first look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:

http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html

If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:

http://www.cisco.com/en/US/products/ps6350/index.html


About Storm Control

This section contains the following subsections:

Hardware-Based Storm Control Implementation

Software-Based Storm Control Implementation

Storm control prevents LAN interfaces from being disrupted by a broadcast storm. A broadcast storm occurs when broadcast packets flood the subnet, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm.

Hardware-Based Storm Control Implementation

Broadcast suppression uses filtering that measures broadcast activity in a subnet over a one-second interval and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of the interval. Broadcast suppression is disabled by default.

Figure 55-1 shows the broadcast traffic patterns on a LAN interface over a given interval. In this example, broadcast suppression occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.

Figure 55-1 Storm Control Example—Hardware-based Implementation

The broadcast suppression threshold numbers and the time interval combination make the broadcast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast packets to pass through.

Broadcast suppression on the Catalyst 4500 series switches is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. If the packet destination address is broadcast, then the broadcast suppression circuitry tracks the current count of broadcasts within the one-second interval, and when a threshold is reached, it filters out subsequent broadcast packets.

Because hardware broadcast suppression uses a bandwidth-based method to measure broadcast activity, the most significant implementation factor is setting the percentage of total available bandwidth that can be used by broadcast traffic. Because packets do not arrive at uniform intervals, the one-second interval during which broadcast activity is measured can affect the behavior of broadcast suppression.

Software-Based Storm Control Implementation

When storm control is enabled on an interface, the switch monitors packets received on the interface and determines whether the packets are broadcast. The switch monitors the number of broadcast packets received within a one-second time interval. When the interface threshold is met, all incoming data traffic on the interface is dropped. This threshold is specified as a percentage of total available bandwidth that can be used by broadcast traffic. If the lower threshold is specified, all data traffic is forwarded as soon as the incoming traffic falls below that threshold.

Enabling Broadcast Storm Control

To enable storm control, perform this task:

 
Command
Purpose

Step 1 

Switch# configure terminal

Enters global configuration mode.

Step 2 

Switch(config)# interface interface-id

Enters interface configuration mode and enter the port to configure.

Step 3 

Switch(config-if)# storm-control 
broadcast level [high level]

Configures broadcast storm control.

Specifies the upper threshold levels for broadcast traffic. The storm control action occurs when traffic utilization reaches this level.

(Optional) Specifies the falling threshold level. The normal transmission restarts (if the action is filtering) when traffic drops below this level for interfaces that support software-based suppression.

Note For ports that perform hardware-based suppression, the lower threshold is ignored.

Note For the Catalyst 4500-X Series Switch, on ports operating at 1Gigabit, thresholds less than 0.02% are not supported.

Step 4 

Switch(config-if)# storm-control action 
{shutdown | trap}

Specifies the action to be taken when a storm is detected.

The default is to filter out the broadcast traffic and not to send out traps.

The shutdown keyword sets the port to error-disable state during a storm. If the recover interval is not set, the port remains in shutdown state.

Step 5 

Switch(config-if)# exit

Returns to configuration mode.

Step 6 

Switch(config)# end

Returns to privileged EXEC mode.

Step 7 

Switch# show storm-control [interface] 
broadcast

Displays the number of packets suppressed.

Step 8 

Switch# copy running-config 
startup-config

(Optional) Saves your entries in the configuration file.

The following example shows how to enable storm control on interface:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface fa3/1
Switch(config-if)# storm-control broadcast level 50
Switch(config-if)# end
 
   
Switch# show storm-control
Interface  Filter State   Broadcast Multicast Level
---------  -------------  --------- --------- -----
Fi3/1      Forwarding     Enabled   Disabled  50.00% 
 
   
Switch# show int fa2/1 capabilities
FastEthernet2/1
  Model:                 WS-X4148-RJ45V-RJ-45
  Type:                  10/100BaseTX
  Speed:                 10,100,auto
  Duplex:                half,full,auto
  Auto-MDIX:             no
  Trunk encap. type:     802.1Q
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100), hw
  Multicast suppression: percentage(0-100), hw
  Flowcontrol:           rx-(none),tx-(none)
  VLAN Membership:       static, dynamic
  Fast Start:            yes
  CoS rewrite:           yes
  ToS rewrite:           yes
  Inline power:          yes (Cisco Voice Protocol)
  SPAN:                  source/destination
  UDLD:                  yes
  Link Debounce:         no
  Link Debounce Time:    no
  Port Security:         yes
  Dot1x:                 yes
  Maximum MTU:           1552 bytes (Baby Giants)
  Multiple Media Types:  no
  Diagnostic Monitoring: N/A

Enabling Multicast Storm Control

Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, Supervisor Engine 6L-E, Supervisor Engine 7-E, and Supervisor Engine 7L-E support per-interface multicast suppression, which allows you to subject incoming multicast and broadcast traffic to interface-level suppression.


Note Multicast and broadcast suppression share a common threshold per interface. Multicast suppression takes effect only if broadcast suppression is enabled. Disabling broadcast suppression on an interface also disables multicast suppression.


To enable multicast suppression, perform this task:

 
Command
Purpose

Step 1 

Switch# configure terminal

Enters global configuration mode.

Step 2 

Switch(config)# interface interface-id

Enters interface configuration mode and enter the port to configure.

Step 3 

Switch(config-if)# storm-control 
broadcast include multicast

Enables multicast suppression.

Step 4 

Switch(config-if)# exit

Returns to configuration mode.

Step 5 

Switch(config)# end

Returns to privileged EXEC mode.

Step 6 

Switch# show storm-control

Verifies the configuration.

The following example shows how to enable multicast suppression on ports that have broadcast suppression already enabled:

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# int fa3/1
Switch(config-if)# storm-control broadcast include multicast
Switch(config-if)# end
Switch#
Switch# show storm-control
Interface  Filter State   Broadcast Multicast Level
---------  -------------  --------- --------- -----
Fi3/1      Forwarding     Enabled   Enabled   50.00%

Disabling Broadcast Storm Control

To disable storm control, perform this task:

 
Command
Purpose

Step 1 

Switch# configure terminal

Enters global configuration mode.

Step 2 

Switch(config)# interface interface-id

Enters interface configuration mode and enter the port to configure.

Step 3 

Switch(config-if)# no storm-control 
broadcast level 

Disables port storm control.

Step 4 

Switch(config-if)# no storm-control action 
{shutdown | trap}

Disables the specified storm control action and returns to default filter action.

Step 5 

Switch(config-if)# exit

Returns to configuration mode.

Step 6 

Switch(config)# end

Returns to privileged EXEC mode.

Step 7 

Switch# show storm-control broadcast 

Verifies your entries.

Step 8 

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

The following example shows how to disable storm control on interface.

Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# int fa3/1
Switch(config-if)# no storm-control broadcast level 
Switch(config-if)# end
 
   
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Switch#

Disabling Multicast Storm Control

To disable multicast suppression, perform this task:

 
Command
Purpose

Step 1 

Switch# configure terminal

Enters global configuration mode.

Step 2 

Switch(config)# [no] storm-control 
broadcast include multicast

Enables and disables multicast suppression.

Step 3 

Switch(config-if)# no storm-control 
broadcast level

Disables port storm control (broadcast and multicast).

Step 4 

Switch(config-if)# end

Returns to configuration mode.

Step 5 

Switch(config)# end

Returns to privileged EXEC mode.

Displaying Storm Control


Note Use the show interface capabilities command to determine the mode in which storm control is supported on an interface.


The following example shows an interface that supports broadcast suppression in software (sw):

Switch# show int fa2/1 capabilities
FastEthernet2/1
  Model:                 WS-X4148-RJ45V-RJ-45
  Type:                  10/100BaseTX
  Speed:                 10,100,auto
  Duplex:                half,full,auto
  Auto-MDIX:             no
  Trunk encap. type:     802.1Q
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100), hw
  Multicast suppression: percentage(0-100), hw
  Flowcontrol:           rx-(none),tx-(none)
  VLAN Membership:       static, dynamic
  Fast Start:            yes
  CoS rewrite:           yes
  ToS rewrite:           yes
  Inline power:          yes (Cisco Voice Protocol)
  SPAN:                  source/destination
  UDLD:                  yes
  Link Debounce:         no
  Link Debounce Time:    no
  Port Security:         yes
  Dot1x:                 yes
  Maximum MTU:           1552 bytes (Baby Giants)
  Multiple Media Types:  no
  Diagnostic Monitoring: N/A

Note Use the show interfaces counters storm-control command to display a count of discarded packets.


Switch# show interfaces counters storm-control
Port         Broadcast   Multicast           Level    TotalSuppressedPackets
Fa2/1          Enabled    Disabled          10.00%              46516510
Gi3/1          Enabled     Enabled          50.00%                     0
 
   
Switch# show storm-control
Interface  Filter State   Broadcast Multicast Level
---------  -------------  --------- --------- -----
Fa2/1      Blocking       Enabled   Disabled   10.00%   
Gi3/1      Link Down      Enabled   Enabled    50.00%