Hello @Thibault_1,

Storm control will take action when the broadcast or multicast traffic rate exceeds the specified threshold (10% in your case). If the current traffic rate is below this threshold, storm control won't take any action, and you won't see any entries in the "Interface Filter State" output. Then follow @Flavio Miranda and apply a lower value, 1 or 2.

In addition to what others posted do you know the time frame of those broadcast. Did you clear the counters on that interface and monitor to see how quickly it goes up. 

Received 68976 broadcasts (0 multicasts) 

Is a lot of broadcasts but if the counters have never been cleared and assessed and the switch has been up for 6 years 4 months 21 days 3 hours 5 minutes and 16 seconds then its probably not a big deal. 

Secondly your counters say 0 multicasts so your multicast likely wont catch anything anyway.

-David

Hi everyone,

Thank you for your helpful feedbacks ! Here are some responses :

@Flavio Miranda the strange part for me is that the sh storm-controll output doesn't count the broadcast as the "current" collumn displays 0.

M02@rt37  given the numbers, it is exceeding the thresold : it is now a 88.6% with the fresh values

163481 (packets input, 17908420 bytes, 0 no buffer Received 144882 broadcasts (0 multicasts)

@David Ruess I've cleared the counters 24H before posting the first message. I have no comparison yet to tell if the number is a lot or not, but it looks annormal that 88% of the traffic is broadcast.

I agree with the multicast parameter, that is useless in that case.

I down the thresold to 1 and see what happens.

Many thanks!

"I'm setting up my first storm control because I suspect a broadcast issue on a specific interface :"

Well, if indeed 90% of your packets are broadcast, I can see why you believe you might think you have a broadcast issue, but those same stats show a zero ingress rate.

What you also want to know, is what's the percentage of bandwidth being used by these broadcasts.

What you're trying to ascertain, is your broadcast rate abnormally high?  Is it beyond what one would expect for the number of hosts and the network applications using it.

The major problem with "storm controls", it's like being in a sinking lifeboat because it has too many passengers.  So, to keep the lifeboat from sinking, you start to randomly throw some passengers out of the boat.  I.e. your choice is everyone drowns or some drown!  (Some choice - not too bad, if you're not heaved out of the lifeboat, though.)

If you have too many broadcasts, first you need to determine if they are valid.  If not, find the cause of the invalid broadcasts, and fix that.  If valid, mitigate, which might include configuration changes on hosts and/or further segmentation of your network (broadcasts are why we don't all run our LAN network as one big /16).

"I tried to look for the best practise"

Best practice:

Set values well above whatever you believe is the expected normal level of broadcasts, but ideally low enough, your network doesn't sink.

Monitor storm-control getting triggered.

If triggered, resolve cause and/or mitigate to acceptable levels.

Hi,

Thank you for your feedback @Joseph W. Doherty 

I understand your words, but here is the problem I try to solve : a device on the subnet doesn't react properly. I wonder if it's not because he revieces to much broadcast and cannot follow. It is not easy to change the subnet because everything is already configured on site.

I would like to make sure the broadcasting device does not disturb my other device, so I've blocked the broadcast by setting the level to 0. I was able to see the storm control triggered as the "current" value does not change.

**bleep** ! Although I've read the cisco note I must have missed that ! It explains everything !

I'll wait monday to have the results of the tests.