
Manage network broadcasts on Cisco switches using storm control

It's important to protect your organization's LAN from broadcast storms, which can cause network slowdowns if they become severe. David Davis explains how you can easily and quickly defend your network by configuring storm control on each Cisco switch interface.

Network broadcasts can create a huge amount of traffic on your organization's network. When one device sends out a single broadcast, that broadcast goes to all devices on the subnet or VLAN.

How can you manage these broadcasts to make your network more efficient? One method is to use Cisco Catalyst broadcast suppression—also known as storm control.

Broadcasts are a natural part of the TCP/IP suite of applications. A broadcast is a packet sent to ALL HOSTS or ALL HOSTS ON A SUBNET.

A packet sent to all hosts has a destination IP address of 255.255.255.255. A packet sent to all hosts on a subnet is a directed broadcast, and it goes to a specific destination—for example, 10.1.1.255.

Some necessary protocols such as Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) use broadcasts, so they aren't something you can just throw out. What you can do is suppress excessive broadcasts on your network using storm control.

Configure storm control

With the Cisco IOS, you can easily and quickly protect your network by configuring a single command on each switch interface.

You can configure storm control on most Cisco Catalyst platforms. (On older platforms, Cisco calls it broadcast suppression.) The Cisco IOS disables broadcast suppression by default.

Storm control manages how the receiving port handles the broadcast. You can configure a threshold to drop broadcasts for a certain period of time or until the broadcast flow slows down.

By default, the switch only drops the broadcast packets. In addition, you can shut down the port or send an SNMP trap to your management station.

Here's how to configure storm control on a Catalyst 2950 switch:

Switch(config)# int fa0/19
Switch(config-if)# storm-control broadcast level 50
Switch(config-if)# storm-control action trap

The first command—storm-control broadcast—is the only required command. The storm-control action trap command is optional, as is shutting down the port, which requires the storm-control action shutdown command.

This example applies only to broadcast traffic; it doesn't affect regular unicast or multicast traffic. However, you can configure storm control for both unicast and multicast traffic by substituting unicast or multicast for broadcast in the command.

Once you've configured storm control, you can check the status of the configuration with the show storm-control broadcast command. Here's an example of the output:

Switch# show storm-control broadcast 
Interface Filter State Trap State  Upper    Lower  Current  Traps Sent
--------- ------------  ---------  -----    -----  -------  ---------
Fa0/1     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/2     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/3     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/4     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/5     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/6     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/7     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/8     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/9     inactive    inactive     100.00%  100.00%    N/A     0
Fa0/10    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/11    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/12    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/13    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/14    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/15    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/16    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/17    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/18    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/19    Forwarding  Below rising 50.00%   50.00%     0.00%   0
Fa0/20    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/21    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/22    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/23    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/24    inactive    inactive     100.00%  100.00%    N/A     0
Switch#
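
To audit this output across many switches, the following added example (not part of the original column) parses the table and lists ports that have no effective storm control, plus ports that have already sent traps. The function names and the Fa0/20 sample row are assumptions made for illustration.

```python
# Constructed sample modeled on the `show storm-control broadcast` output above.
# The Fa0/20 row (non-zero Current and Traps Sent) is invented for illustration.
SAMPLE = """\
Switch# show storm-control broadcast
Interface Filter State Trap State  Upper    Lower  Current  Traps Sent
--------- ------------  ---------  -----    -----  -------  ---------
Fa0/18    inactive    inactive     100.00%  100.00%    N/A     0
Fa0/19    Forwarding  Below rising 50.00%   50.00%     0.00%   0
Fa0/20    Forwarding  Below rising 50.00%   50.00%    12.40%   2
Switch#
"""


def pct(field):
    """Convert '50.00%' to 50.0; return None for non-percentage fields such as 'N/A'."""
    return float(field.rstrip("%")) if field.endswith("%") else None


def parse_storm_control(text):
    """Return one dict per interface row; prompts, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Data row: interface, filter state, trap state (one or more words),
        # then Upper, Lower, Current and the Traps Sent counter.
        if len(tok) < 7 or "/" not in tok[0] or not tok[-1].isdigit():
            continue
        rows.append({
            "interface": tok[0],
            "filter_state": tok[1],
            "trap_state": " ".join(tok[2:-4]),
            "upper": pct(tok[-4]),
            "lower": pct(tok[-3]),
            "current": pct(tok[-2]),
            "traps_sent": int(tok[-1]),
        })
    return rows


def audit(rows):
    """Group interfaces into those without suppression and those that sent traps."""
    findings = {"unprotected": [], "storm_seen": []}
    for r in rows:
        # Inactive, or a threshold of 100%, means no broadcast limit is enforced.
        if r["filter_state"].lower() == "inactive" or r["upper"] is None or r["upper"] >= 100.0:
            findings["unprotected"].append(r["interface"])
        if r["traps_sent"] > 0:
            findings["storm_seen"].append(r["interface"])
    return findings


if __name__ == "__main__":
    print(audit(parse_storm_control(SAMPLE)))
```
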

For more technical information on Cisco Catalyst Storm Control, check out Cisco's "Configuring Storm Control" documentation.

Are you familiar with storm control? Have you used it before on your network? What other steps have you taken to protect your LAN? Share your experiences in this article's discussion.


David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
