09-22-2022 12:40 AM
Hello,
On my switch (9200), I have several alerts (every 2 minutes) regarding multicast packets. These ports are members of 2 port-channels to connect our VMware ESX. The configuration of the switch is:
!
interface Port-channel10
Description vSwitch_ESX1
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface Port-channel12
Description vSwitch_ESX2
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/1
description ESX1_vmnic2
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
channel-group 10 mode on
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
description ESX_ESX2_vmnic5
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
storm-control action trap
channel-group 12 mode on
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/1
description ESX1_vmnic2
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
channel-group 10 mode on
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
description ESX_ESX2_vmnic5
switchport trunk allowed vlan 2,6,10,14,1000,4000
switchport mode trunk
switchport nonegotiate
storm-control broadcast level bps 1
storm-control multicast level bps 1
storm-control action trap
channel-group 12 mode on
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
!
For example, ESX1 (Port-Channel 10) is a new ESXi with only 1 virtual server running on it at the moment (PRTG monitoring tool). Is it normal to have these messages, and how can I find the server that sends multicast traffic on the network?
BR
Jerome
Logs:
Sep 22 09:33:36.015: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5. Packet filter does not apply on the interface.
Sep 22 09:35:28.536: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/1. A packet filter action has been applied on the interface.
Sep 22 09:35:31.603: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/1. Packet filter does not apply on the interface.
Sep 22 09:35:31.605: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/5. A packet filter action has been applied on the interface.
Sep 22 09:35:31.606: %STORM_CONTROL-3-TRAP: A packet storm was detected on Multicast. Sending SNMP trap.
Sep 22 09:35:35.698: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5. Packet filter does not apply on the interface.
Sep 22 09:37:28.184: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/1. A packet filter action has been applied on the interface.
Sep 22 09:37:32.274: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/1. Packet filter does not apply on the interface.
Sep 22 09:37:32.275: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/5. A packet filter action has been applied on the interface.
Sep 22 09:37:32.275: %STORM_CONTROL-3-TRAP: A packet storm was detected on Multicast. Sending SNMP trap.
Sep 22 09:37:36.363: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5. Packet filter does not apply on the interface
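Added example (not part of the original thread): this Python script pairs the FILTERED and ABATED messages from the logs above per port, giving how long each filter episode lasted and how far apart the storms start. The function names and the assumed year (the syslog timestamps carry none) are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines from the post above; the trailing "Packet filter ..." sentence is trimmed.
SAMPLE = """\
Sep 22 09:33:36.015: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5.
Sep 22 09:35:28.536: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/1.
Sep 22 09:35:31.603: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/1.
Sep 22 09:35:31.605: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/5.
Sep 22 09:35:31.606: %STORM_CONTROL-3-TRAP: A packet storm was detected on Multicast. Sending SNMP trap.
Sep 22 09:35:35.698: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5.
Sep 22 09:37:28.184: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/1.
Sep 22 09:37:32.274: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/1.
Sep 22 09:37:32.275: %STORM_CONTROL-3-FILTERED: A Multicast storm detected on Gi1/0/5.
Sep 22 09:37:32.275: %STORM_CONTROL-3-TRAP: A packet storm was detected on Multicast. Sending SNMP trap.
Sep 22 09:37:36.363: %STORM_CONTROL-5-ABATED: A Multicast storm abated on Gi1/0/5.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+): %STORM_CONTROL-\d-(FILTERED|ABATED): "
                  r"A (\w+) storm (?:detected|abated) on (\S+?)\.(?:\s|$)")

def storm_episodes(text, year=2022):
    """Pair each FILTERED event with the next ABATED on the same port and traffic type."""
    open_at, episodes = {}, defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # TRAP lines name no interface; unrelated messages are skipped
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S.%f")
        key = (m[4], m[3])  # (port, traffic type)
        if m[2] == "FILTERED":
            open_at[key] = ts
        elif key in open_at:  # an ABATED whose FILTERED precedes the capture is dropped
            start = open_at.pop(key)
            episodes[key].append((start, (ts - start).total_seconds()))
    return episodes

def summarize(episodes):
    """Per (port, type): episode count, mean filtered time (s), mean gap between onsets (s)."""
    out = {}
    for key, eps in episodes.items():
        starts = [s for s, _ in eps]
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        out[key] = (len(eps), round(sum(d for _, d in eps) / len(eps), 2),
                    round(sum(gaps) / len(gaps), 1) if gaps else None)
    return out

if __name__ == "__main__":
    print(summarize(storm_episodes(SAMPLE)))
```

On these lines, both ports show two filter episodes of about four seconds each, starting about 120 seconds apart, which matches the "every 2 minutes" pattern described in the post.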
09-22-2022 02:41 AM
You need to increase the values below to what best suits your environment:
Because of the value, I believe you are getting alerts, so increase it to the best optimal value.
storm-control broadcast level bps 1 <-- this is too low
storm-control multicast level bps 1 <-- this is too low
Check some guidance on what TAC suggested.
https://community.cisco.com/t5/switching/storm-control-thresholds/td-p/707264
Some other reference:
09-22-2022 07:28 PM
storm-control multicast level bps {max} {threshold}
If = max, the action will be shutdown or reject.
If = threshold, it will drop randomly.
storm-control multicast level bps 50 30
50% 30%