How to limit broadcast traffic on a 3560 switchport ?

jesper_fr
Level 1

Hi all,

How do I limit broadcast/multicast traffic on a switchport to e.g. 5000 pps? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.

Best regards,

Jesper

19 Replies

cadet alain
VIP Alumni

Hi,

http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

Use the keyword trap to not shut down the port.

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

I can't find anything regarding this issue in the link you posted.

Regards,

Jesper

Hi Jesper,

You can drop or limit your broadcast and multicast traffic on a per-link basis.

The extended information can be found at the below link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/storm.html

Basically,

You can go to your interface and check the storm-control commands like below:

SW4(config-if)#storm-control broadcast level ?
  <0.00 - 100.00>  Enter rising threshold
  bps              Enter suppression level in bits per second
  pps              Enter suppression level in packets per second

For example, you can limit your broadcast traffic by PPS or BPS.

Best Regards,

-Mert

Hi Mert,

I have now configured the following:

interface GigabitEthernet0/1
 switchport mode access
 storm-control broadcast level pps 5k
 storm-control multicast level pps 5k
 storm-control action trap

Should this config block or drop broadcast/multicast if the number of packets exceeds 5000 pps? Or will it only send a trap?

Best regards,

Jesper

Hi,

It will send a trap only, but you'll have to configure your device for SNMP too to send these.

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

My problem is that the WAN provider shuts down the port on their router for 5 minutes if a broadcast or multicast storm is detected (more than 10K pps). I want to prevent this from happening by blocking broadcast traffic before it reaches the WAN router. Isn't it possible to do that?

Here is what I see in the log when it happens (Gi0/1 is the port towards the WAN):

Dec 18 04:28:37: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi0/2. A packet filter action has been applied on the interface.
Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Dec 18 04:33:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

According to the log, the config I made does NOT block the multicast storm:

interface GigabitEthernet0/1
 description data_towards_WAN
 switchport mode access
 storm-control broadcast level pps 5k
 storm-control multicast level pps 5k

Best regards,

Jesper

Hi Jesper,

I just realized I had told you incorrect information: the default action is to drop traffic, and if the action trap is configured it will also send an SNMP trap when the threshold is crossed.

Indeed your config is not blocking the port (it would go into errdisabled mode anyway and you would see a log indicating it).

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

According to Cisco:

Storm control uses one of these methods to measure traffic activity:

Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic

Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received.

Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received.

Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface.

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.

If the above is correct, then the traffic should be blocked, and the port should NOT go into errdisable; it should just block the traffic that exceeds the configured threshold, in my case 5K pps. It seems that the traffic that exceeds 5K pps is NOT blocked in my case. Can it be due to old software (12.2.25)?

Regards,

Jesper

Hi,

Yes, your port is not going into errdisable and it should block traffic.

It seems that the traffic that exceeds 5K pps is NOT blocked in my case

What makes you think this way? Because the port goes down then back up? Your ISP would block it (5 mins) if the traffic exceeded 10 pps, but here the link goes up again after 5 secs.

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

According to my calculator it's 5 minutes and NOT 5 sec.

From 04:28:39 to 04:33:43 = 5 min. and 4 sec.

Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

That's why I think that the broadcast/multicast that exceeds 5K pps is not blocked.

Best regards,

Jesper
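The two log excerpts quoted in this thread (the STORM_CONTROL-3-FILTERED line and the LINEPROTO/LINK transitions) can be correlated automatically; the following Python is an added example, not code from the thread or from Cisco, and embeds the quoted lines as a constructed sample. It pairs each line-protocol down/up on an interface with the most recent storm-control filter event before it and reports the outage length, which for these lines is the 5 min 4 s worked out above, with the filter having fired on the ingress port Gi0/2 rather than on the WAN port Gi0/1.

```python
import re
from datetime import datetime

# Constructed sample: the syslog lines quoted in the thread (IOS prints no year; 2000 is assumed so they parse).
SAMPLE_LOG = """\
Dec 18 04:28:37: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi0/2. A packet filter action has been applied on the interface.
Dec 18 04:28:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 18 04:28:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 18 04:33:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Dec 18 04:33:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d): %(?P<msg>[A-Z_]+-\d-[A-Z_]+): (?P<text>.*)$")
STORM_RE = re.compile(r"A (?P<kind>\w+) storm detected on (?P<intf>\S+)\.")
UPDOWN_RE = re.compile(r"Interface (?P<intf>\S+), changed state to (?P<state>up|down)")

def parse_ts(ts):
    """IOS default timestamps carry no year; assume one so datetime arithmetic works."""
    return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")

def correlate(log_text, window_s=60):
    """Return (storm events, link outages); each outage is linked to the latest storm-control filter event within window_s seconds before the drop."""
    storms, down_since, outages = [], {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg, text = parse_ts(m["ts"]), m["msg"], m["text"]
        if msg == "STORM_CONTROL-3-FILTERED":
            s = STORM_RE.search(text)
            storms.append({"time": ts, "kind": s["kind"].lower(), "intf": s["intf"]})
        elif msg == "LINEPROTO-5-UPDOWN":  # line protocol, not just carrier (LINK-3-UPDOWN)
            u = UPDOWN_RE.search(text)
            if u["state"] == "down":
                down_since[u["intf"]] = ts
            elif u["intf"] in down_since:
                start = down_since.pop(u["intf"])
                prior = [s for s in storms if 0 <= (start - s["time"]).total_seconds() <= window_s]
                outages.append({"intf": u["intf"],
                                "down_seconds": int((ts - start).total_seconds()),
                                "storm_before": prior[-1] if prior else None})
    return storms, outages

def describe(outage):
    """Human-readable summary, e.g. for a ticket to the WAN provider."""
    mins, secs = divmod(outage["down_seconds"], 60)
    cause = outage["storm_before"]
    tail = f" after a {cause['kind']} storm was filtered on {cause['intf']}" if cause else ""
    return f"{outage['intf']} down {mins} min {secs} s{tail}"
```

Running `describe` over `correlate(SAMPLE_LOG)[1]` reports the Gi0/1 outage as 5 min 4 s, preceded by the multicast storm filtered on Gi0/2.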

Hi,

Yep, you're right. I can't even differentiate minutes and seconds.

That's weird because your storm-control filtering was fired up according to your log.

One thing though is that, as far as I know, storm-control is for received traffic, not transmitted traffic, and if I understand your problem you don't want to send more than 5k pps of broadcast/multicast traffic out this port, so I think you'll need another feature to achieve what you want. What kind of traffic is this?

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

According to the log it's a multicast storm that is detected.

I have configured storm control on both interfaces (uplink to the switch and towards the WAN):

interface GigabitEthernet0/1
 description data_towards_WAN
 switchport mode access
 storm-control broadcast level pps 5K
 storm-control multicast level pps 5K
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3
 switchport mode trunk
 storm-control broadcast level pps 5K
 storm-control multicast level pps 5K
 spanning-tree link-type point-to-point

According to Cisco, broadcast and multicast traffic that exceeds 5K pps in my case should be blocked, but it seems that this is not the case here. In the log it says "A packet filter action has been applied on the interface", but it doesn't seem to work as it should. It still forwards the traffic exceeding 5K pps (the WAN provider port goes into errdisable when receiving more than 10K pps of broadcast or multicast).

Regards,

Jesper

Hi,

Per my understanding, the config applied to the WAN link will have no effect on traffic transmitted to the WAN router.

Is there another connected port in addition to the uplink trunk?

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

There is only one uplink trunk to the switch (Gi0/2)

I expected that both ports Gi0/1 (WAN port) and Gi0/2 (uplink port) would block incoming broadcast and multicast traffic that exceeds 5K pps.

Regards,

Jesper
