Just wondering if anyone has encountered this problem before.
I have tested this on a 2950, 2960 and 3560 and they all seem to react the same
When we have devices connected to ports with Unicast storm controll enabled traffic passes without any problems. as soon as we start a SCP file transfer it triggers unicast storm controll. All other forms of file transfer works fine.
Here is the sw version info from the 2960 I just tested it on
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 24 WS-C2960G-24TC-L 12.2(58)SE2 C2960-LANBASEK9-M
I have confirmed that both devices mac addresses are visible and valid in the mac address table.
May 2 14:30:14.262 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.
May 2 14:30:27.348 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.
May 2 14:33:55.746 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.
switchport trunk allowed vlan 2128
switchport mode trunk
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control unicast level 10.00
sw12-srv.alb#sho storm-control unicast
Interface Filter State Upper Lower Current
--------- ------------- ----------- ----------- ----------
Gi0/21 Forwarding 10.00% 10.00% 9.96%
Are you sure it's not just utilization is hitting the target level? Maybe because SCP is encrypted, the overhead is pushing the utilization higher than the other copying methods?
Try checking the utilization, try increasing the storm-control amount to see if it still happens at 15% or 20%?
It seems that the switch sees all SCP traffic as a unicast flood even though the source and destination mac addresses are known to the switch.
If I copy a file using FTP transfer I can transfer between server and client as fast as the network will allow and "sho storm-control unicast " shows the unicast storm level to be 0%. As soon as I change over to SCP it registers all the SCP traffic as unicast flood.
I want to enable flood protection on the network as that sometimes does get triggered for valid reasons, but if I do it, it will break other things like when our systems guys have to vmotion a host across the network.
Also some of customers will be using SCP to copy files and I do not want to impact legitimate traffic. My concern is that I have now identified this as a problem so who knows what other protocols will also trigger Unicast storm control.
Looks like I will have to log a tac case on this, was just wondering if anyone else came across this.