cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
165
Views
2
Helpful
2
Replies

Apply Storm Control Core Switch to ASA Firewall

johnlloyd_13
Level 9
Level 9

hi,

i'll be applying storm control in one of our facility switch fabric.

is it a good idea or "best practice" to apply storm control in the core switch port-channel (po101) interface facing the ASA FW which is also using port-channel interface (po1)? refer sample drawing below.

or do i just apply storm control only in the core switch trunk/port-channel facing the access/downstream switch?

johnlloyd_13_0-1727751929580.png

2 Replies 2

M02@rt37
VIP
VIP

Hello @johnlloyd_13 

Applying storm control on the core switch port-channel interface (Po101 in you case) facing the ASA firewall (Po1) may not be ideal, as firewalls typically handle traffic differently from downstream switches, and overly aggressive storm control could inadvertently block legitimate traffic during bursts.

It's a better practice to apply storm control on trunk port-channels facing downstream access switches, where broadcast, multicast, or unicast storms are more likely to originate. This ensures that you protect the core network from potential issues while allowing critical inter-device communication, like between the firewall and the core, to flow uninterrupted.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

johnlloyd_13
Level 9
Level 9

hi,

thanks for validating my concern!

is there a doc or link that would support this?

it's hard to find docs and best practice related to storm control.

Review Cisco Networking for a $25 gift card