09-04-2008 10:42 PM - edited 03-06-2019 01:12 AM
Hi,
what is the definition for a broadcast storm, and how can i check afterwards if there was an broadcast storm event during the night? Is a high cpu utilization the only hint, or can i see ports in err-disable state?
Tia,
Stephan
09-04-2008 11:04 PM
A broadcast storm occurs when broadcast or multicast packets flood the subnet, creating excessive traffic and degrading network performance.
One way to identify is you can have your switch automatically try to enable a port that has been placed in an error-disable state because of broadcast storm using the command " errdisable recovery cause storm-control". then look at the show logg to troubleshoot the error.
Francisco.
09-04-2008 11:40 PM
Hi Francisco,
when is broadcast defined as a storm? And what is the behavior of a switch with no storm-control configured, and how can i determine if a broadcast storm has occured when no storm-control is configured?
Stephan
09-04-2008 11:59 PM
Stephan,
To understand broacast storm better inclduing configuring strom control and Threshold levels, see http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swtrafc.html#wp1085954.
By default is it disable on a switch. Normally if a switch is under broadcast attack, the CPU usage will increase since broadcast traffic is process in software. Under sh cpu, one of the processes to search for is ARP Input. if you see this process using lots of CPU, then your switch might be under attack
see http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af6.shtml#arp
pls kindly rate.
Francisco
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide