Configuring Storm Control

This chapter describes how to configure port-based traffic control on a switch and consists of these sections:

note.gif

Noteblank.gif For complete syntax and usage information for the switch commands used in this chapter, see the
Cisco IOS Command Reference Guides for the Catalyst 4500 Series Switch.

If a command is not in the Cisco Catalyst 4500 Series Switch Command Reference , you can locate it in the Cisco IOS Master Command List, All Releases.


About Storm Control

This section contains the following subsections:

Storm control prevents LAN interfaces from being disrupted by a broadcast storm. A broadcast storm occurs when broadcast packets flood the subnet, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm.

Hardware-Based Storm Control Implementation

Broadcast suppression uses filtering that measures broadcast activity in a subnet over a one-second interval and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of the interval. Broadcast suppression is disabled by default.

Figure 65-1 shows the broadcast traffic patterns on a LAN interface over a given interval. In this example, broadcast suppression occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.

Figure 65-1 Storm Control Example—Hardware-based Implementation

 

s5706.ps

The broadcast suppression threshold numbers and the time interval combination make the broadcast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast packets to pass through.

Broadcast suppression on the Catalyst 4500 series switches is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. If the packet destination address is broadcast, then the broadcast suppression circuitry tracks the current count of broadcasts within the one-second interval, and when a threshold is reached, it filters out subsequent broadcast packets.

Because hardware broadcast suppression uses a bandwidth-based method to measure broadcast activity, the most significant implementation factor is setting the percentage of total available bandwidth that can be used by broadcast traffic. Because packets do not arrive at uniform intervals, the one-second interval during which broadcast activity is measured can affect the behavior of broadcast suppression.

Software-Based Storm Control Implementation

When storm control is enabled on an interface, the switch monitors packets received on the interface and determines whether the packets are broadcast. The switch monitors the number of broadcast packets received within a one-second time interval. When the interface threshold is met, all incoming data traffic on the interface is dropped. This threshold is specified as a percentage of total available bandwidth that can be used by broadcast traffic. If the lower threshold is specified, all data traffic is forwarded as soon as the incoming traffic falls below that threshold.

note.gif

Noteblank.gif A Cisco Catalyst 4500-X series switch checks for a broadcast storm in real-time, too. When a broadcast storm occurs on a Cisco Catalyst 4500-X series switch and the threshold is reached within a fraction of a second, the broadcast is suppressed. This behavior on Cisco Catalyst 4500-X series switches is in addition to the hardware-based storm control and software-based storm control described earlier.


Enabling Broadcast Storm Control

To enable storm control, perform this task:

 

Command or Action
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface-id

Enters interface configuration mode and enters the port to configure.

Step 3

Switch(config-if)# storm-control broadcast level { high-level | bps bps [ k | m | g ] | pps pps [ k | m | g ]}

Configures broadcast storm control. The keywords and arguments are described here.

  • high-level —Specifies the upper threshold levels for broadcast traffic as a percentage (up to two decimal places) of the bandwidth. The port blocks traffic that exceeds this level. The range is from 0 to 100.
note.gif

Noteblank.gif For the Catalyst 4500-X Series Switch, on ports operating at 1Gigabit, thresholds less than 0.02% are not supported.


  • bps bps —Specifies the threshold level for broadcast traffic in bits per second (bps) (up to one decimal place). The port blocks only the traffic that exceeds this level. The range is 0.0 to 10000000000.0.
  • pps pps —Specifies the threshold level for broadcast traffic in packets per second (pps) (up to one decimal place). The port blocks all traffic when traffic utilization exceeds this level. The range is 0.0 to 10000000000.0.
  • (Optional) [ k | m | g ]—Specifies the metric suffixes for large number thresholds, in bps and pps settings.

Step 4

Switch(config-if)# storm-control action { shutdown | trap }

Specifies the action to be taken when a storm is detected.

The default is to filter out the broadcast traffic and not to send out traps.

The shutdown keyword sets the port to the error-disable state during a storm. If the recover interval is not set, the port remains in shutdown state.

Step 5

Switch(config-if)# exit

Returns to configuration mode.

Step 6

Switch(config)# end

Returns to privileged EXEC mode.

Step 7

Switch# show storm-control [ interface ] broadcast

Displays the number of packets suppressed.

Step 8

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

This example shows how to enable storm control on an interface and verify configuration:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# storm-control broadcast level bps 100k
Switch(config-if)# end
 
Switch# show storm-control gigabitethernet 2/1
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Gi2/1 Link Down Enabled Disabled 100k bps
 
Switch# show interfaces counters storm-control
Port Broadcast Multicast Level TotalSuppressedPackets
Gi2/1 Enabled Disabled 100k bps 0
 
Switch# show interface gigabitethernet 2/1 capabilities
GigabitEthernet2/1
Model: WS-X4648-RJ45V+E-RJ-45
Type: 10/100/1000-TX
Speed: 10,100,1000,auto
Duplex: half,full,auto
Auto-MDIX: yes
EEE: no
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100), hw
Multicast suppression: percentage(0-100), hw
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership: static, dynamic
Fast Start: yes
CoS rewrite: yes
ToS rewrite: yes
Inline power: yes (Cisco Voice Protocol/IEEE Protocol 802.3af)
SPAN: source/destination
UDLD: yes
Link Debounce: no
Link Debounce Time: no
Port Security: yes
Dot1x: yes
Maximum MTU: 9198 bytes (Jumbo Frames)
Multiple Media Types: no
Diagnostic Monitoring: N/A

Enabling Multicast Storm Control

Per-interface multicast suppression, which allows you to subject incoming multicast and broadcast traffic to interface-level suppression.

note.gif

Noteblank.gif Multicast and broadcast suppression share a common threshold per interface. Multicast suppression takes effect only if broadcast suppression is enabled. Disabling broadcast suppression on an interface also disables multicast suppression.


To enable multicast suppression, perform this task:

 

Command or Action
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface-id

Enters interface configuration mode and specifies the port to be configured.

Step 3

Switch(config-if)# storm-control broadcast include multicast

Enables multicast suppression.

Step 4

Switch(config-if)# exit

Returns to configuration mode.

Step 5

Switch(config)# end

Returns to privileged EXEC mode.

Step 6

Switch# show storm-control [ interface ] multicast

Verifies the configuration.

This example shows how to enable multicast suppression on ports that already have broadcast suppression enabled:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# storm-control broadcast include multicast
Switch(config-if)# end
 
Switch# show storm-control gigabitethernet 2/1
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Gi2/1 Forwarding Enabled Enabled 50.00%
 
Switch# show interface counters storm-control
Port Broadcast Multicast Level TotalSuppressedPackets
Gi2/1 Enabled Enabled 50.00% 0
 

Disabling Broadcast Storm Control

To disable storm control, perform this task:

 

Command or Action
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface-id

Enters interface configuration mode and specifies the port to be configured.

Step 3

Switch(config-if)# no storm-control broadcast level

Disables port storm control.

Step 4

Switch(config-if)# no storm-control action { shutdown | trap }

Disables the specified storm control action and returns to default filter action.

Step 5

Switch(config-if)# exit

Returns to configuration mode.

Step 6

Switch(config)# end

Returns to privileged EXEC mode.

Step 7

Switch# show storm-control broadcast

Verifies your entries.

Step 8

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

This example shows how to enable multicast suppression on ports that already have broadcast suppression enabled:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 2/1
Switch(config-if)# storm-control broadcast include multicast
Switch(config-if)# end
 
Switch# show storm-control gigabitethernet 2/1
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Gi2/1 Forwarding Enabled Enabled 50.00%
 
Switch# show interface counters storm-control
Port Broadcast Multicast Level TotalSuppressedPackets
Gi2/1 Enabled Enabled 50.00% 0
 

Disabling Multicast Storm Control

To disable multicast suppression, perform this task:

 

Command or Action
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# [no] storm-control broadcast include multicast

Enables and disables multicast suppression.

Step 3

Switch(config-if)# no storm-control broadcast level

Disables port storm control (broadcast and multicast).

Step 4

Switch(config-if)# exit

Returns to configuration mode.

Step 5

Switch(config)# end

Returns to privileged EXEC mode.

Displaying Storm Control

Use the show interface capabilities command to determine the mode in which storm control is supported in an interface.

This example shows how an interface that supports broadcast suppression in software:

Switch# show interface gigabitethernet 2/1 capabilities
GigabitEthernet2/1
Model: WS-X4648-RJ45V-E-RJ-45
Type: 10/100/1000-TX
Speed: 10,100,1000,auto
Duplex: half,full,auto
Auto-MDIX: yes
EEE: no
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100), hw
Multicast suppression: percentage(0-100), hw
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
VLAN Membership: static, dynamic
Fast Start: yes
CoS rewrite: yes
ToS rewrite: yes
Inline power: yes (Cisco Voice Protocol/IEEE Protocol 802.3af)
SPAN: source/destination
UDLD: yes
Link Debounce: no
Link Debounce Time: no
Port Security: yes
Dot1x: yes
Maximum MTU: 9198 bytes (Jumbo Frames)
Multiple Media Types: no
Diagnostic Monitoring: N/A
 

Use the show interfaces counters storm-control command to display a count of discarded packets.

Switch# show interfaces counters storm-control
Port Broadcast Multicast Level TotalSuppressedPackets
Fa3/1 Enabled Disabled 10.00% 46516510
Gi2/1 Enabled Enabled 50.00% 0
 
Switch# show storm-control
Interface Filter State Broadcast Multicast Level
--------- ------------- --------- --------- -----
Fa3/1 Blocking Enabled Disabled 10.00%
Gi2/1 Link Down Enabled Enabled 50.00%