12-17-2012 05:38 AM - edited 03-07-2019 10:39 AM
Hi all,
How do I limit broadcast/multicast traffic on a switchport to e.g. 5000 pps? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
Best regards,
Jesper
12-17-2012 05:46 AM
Hi,
use the keyword trap to not shutdown the port.
Regards.
Alain
Don't forget to rate helpful posts.
12-17-2012 05:59 AM
Hi Alain,
I can't find anything regarding this issue in the link you posted.
Regards,
Jesper
12-17-2012 06:13 AM
Hi Jesper,
You can drop or limit your broadcast&multicast traffic per link basis.
The extended information can be found at the below link:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/storm.html
Basically,
You can go to your interface and check storm-control commands like below
SW4(config-if)#storm-control broadcast level ?
<0.00 - 100.00> Enter rising threshold
bps Enter suppression level in bits per second
pps Enter suppression level in packets per second
For example, you can limit your broadcast traffic due to PPS or BPS.
Best Regards,
-Mert
12-17-2012 07:07 AM
Hi Mert,
I have now configured the following:
interface GigabitEthernet0/1
switchport mode access
storm-control broadcast level pps 5k
storm-control multicast level pps 5k
storm-control action trap
Should this config block or drop broadcast/multicast if the number of packets exceeds 5000 pps? Or will it only send a trap?
Best regards,
Jesper
12-17-2012 09:54 AM
Hi,
it will send a trap only but you'll have to configure your device for snmp too to send these.
Regards.
Alain
Don't forget to rate helpful posts.
12-17-2012 09:54 PM
Hi Alain,
My problem is that the WAN provider shuts down the port on their router for 5 minutes if a broadcast or multicast storm is detected (more than 10K pps). I want to prevent this from happening by blocking broadcast traffic before it reaches the WAN router. Isn't it possible to do that?
Here is what I see in the log when it happens (Gi0/1 is the port towards the WAN):
Dec 18 04:28:37: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi0/2. A packet filter action has been applied on the interface.
Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Dec 18 04:33:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
According to the log, the config I made does NOT block the multicast storm:
interface GigabitEthernet0/1
description data_towards_WAN
switchport mode access
storm-control broadcast level pps 5k
storm-control multicast level pps 5k
Best regards,
Jesper
12-17-2012 11:39 PM
Hi Jesper,
I just realized I had told you incorrect information: the default action is to drop traffic and if the action trap is configured it will also send a snmp trap when the threshold is crossed.
Indeed your config is not blocking the port (it would go into errdisabled mode anyway and you would see a log indicating it).
Regards.
Alain
12-17-2012 11:49 PM
Hi Alain,
According to Cisco:
Storm control uses one of these methods to measure traffic activity:
•Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
•Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received.
•Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received.
•Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface.
With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.
If the above is correct, then the traffic should be blocked, and the port should NOT go into errdisable, just block the traffic that exceeds the configured threshold, in my case 5K pps. It seems that the traffic that exceeds 5K pps is NOT blocked in my case. Can it be due to an old software version (12.2.25)?
Regards,
Jesper
12-18-2012 12:02 AM
Hi,
Yes, your port is not going into errdisable and it should block traffic.
"It seems that the traffic that exceeds 5K pps is NOT blocked in my case"
What makes you think this way? Because the port goes down then back up? Your ISP would block it (5 mins) if the traffic exceeded 10 pps, but here the link goes up again after 5 secs.
Regards.
Alain
Don't forget to rate helpful posts.
12-18-2012 12:09 AM
Hi Alain,
According to my calculator it's 5 minutes and NOT 5 sec.
From 04:28:39 to 04:33:43 = 5 min. and 4 sec.
Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
That's why I think that the broadcast/multicast traffic that exceeds 5K pps is not blocked.
Best regards,
Jesper
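One way to check the timing argument above against the log lines themselves (an added Python example, not part of this thread or of Cisco's tooling): it parses the quoted IOS syslog messages, pairs each STORM_CONTROL-3-FILTERED event with the next line-protocol down/up on the WAN port, and reports how long that port stayed down. The sample lines are constructed from the ones quoted in the thread and the year is assumed to be 2012.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the syslog lines quoted in the thread.
SAMPLE_LOG = """\
Dec 18 04:28:37: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi0/2. A packet filter action has been applied on the interface.
Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Dec 18 04:33:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
"""

# IOS syslog shape: "<Mon> <day> <hh:mm:ss>: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d): %(?P<msg>[A-Z_]+-\d-[A-Z_]+): (?P<text>.*)$")
STORM_RE = re.compile(r"A (?P<kind>\w+) storm detected on (?P<intf>\S+)\.")
LINEPROTO_RE = re.compile(r"Line protocol on Interface (?P<intf>\S+), changed state to (?P<state>up|down)")


def parse_log(text, year=2012):
    """Return [(timestamp, mnemonic, text)] for every line that parses; year is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["msg"], m["text"]))
    return events


def storm_outages(text, wan_intf="GigabitEthernet0/1", year=2012, window=timedelta(seconds=30)):
    """Pair each storm-control filter event with the WAN port's next line-protocol
    down (within `window`) and the following up; report the outage in seconds."""
    events = parse_log(text, year)
    results = []
    for i, (ts, msg, body) in enumerate(events):
        if msg != "STORM_CONTROL-3-FILTERED":
            continue
        sm = STORM_RE.search(body)
        down_at = up_at = None
        for ts2, msg2, body2 in events[i + 1:]:
            lm = LINEPROTO_RE.search(body2) if msg2 == "LINEPROTO-5-UPDOWN" else None
            if not lm or lm["intf"] != wan_intf:
                continue
            if lm["state"] == "down" and down_at is None and ts2 - ts <= window:
                down_at = ts2
            elif lm["state"] == "up" and down_at is not None:
                up_at = ts2
                break
        outage = int((up_at - down_at).total_seconds()) if down_at and up_at else None
        results.append({"kind": sm["kind"] if sm else None, "storm_intf": sm["intf"] if sm else None,
                        "wan_down_at": down_at, "wan_up_at": up_at, "outage_seconds": outage})
    return results
```

Run on the sample, the single storm event on Gi0/2 is followed 2 seconds later by the WAN port going down for 304 seconds (5 min 4 sec), which is the provider's 5-minute block rather than a brief flap.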
12-18-2012 12:27 AM
Hi,
Yep, you're right. I can't even differentiate minutes and seconds.
That's weird, because your storm-control filtering was fired up according to your log.
One thing though is that, as far as I know, storm-control is for received traffic, not transmitted traffic, and if I understand your problem you don't want to send more than 5k pps of broadcast/multicast traffic out this port, so I think you'll need another feature to achieve what you want. What kind of traffic is this?
Regards.
Alain
Don't forget to rate helpful posts.
12-18-2012 12:37 AM
Hi Alain,
According to the log it's a multicast storm that is detected.
I have configured storm-control on both interfaces (uplink to the switch and towards the WAN):
interface GigabitEthernet0/1
description data_towards_WAN
switchport mode access
storm-control broadcast level pps 5K
storm-control multicast level pps 5K
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3
switchport mode trunk
storm-control broadcast level pps 5K
storm-control multicast level pps 5K
spanning-tree link-type point-to-point
According to Cisco, broadcast and multicast traffic that exceeds 5K pps in my case should be blocked, but it seems that this is not the case here. In the log it says "A packet filter action has been applied on the interface" but it doesn't seem to work as it should. It still forwards the traffic exceeding 5K pps (the WAN provider port goes into errdisable when receiving more than 10K pps of broadcast or multicast).
Regards,
Jesper
12-18-2012 12:46 AM
Hi,
Per my understanding, the config applied to the WAN link will have no effect on transmitted traffic to the WAN router.
Is there other connected port in addition to the uplink trunk ?
Regards.
Alain
Don't forget to rate helpful posts.
12-18-2012 12:54 AM
Hi Alain,
There is only one uplink trunk to the switch (Gi0/2).
I expected that both ports Gi0/1 (WAN port) and Gi0/2 (uplink port) would block incoming broadcast and multicast traffic that exceeds 5K pps.
Regards,
Jesper