
Storm control level recommendation

Hi friends,

Please suggest the appropriate storm control level configuration for both Catalyst(9k) and Nexus(9k) switches. Up to what level can switches function without any issue? Didn't find any recommended or best practice documents.
Thanks


balaji.bandi
Hall of Fame

There is no best practice; you need to understand the network and tune based on the outcome of the network and case by case.

Cat 9K guide:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-9/configuration_guide/sec/b_179_sec_9300_cg/configuring_port_based_traffic_control.html

Good discussion on the context:

https://community.cisco.com/t5/switching/recommended-levels-for-storm-control/td-p/4186816

BB

=====Preenayamo Vasudevam=====


M02@rt37
VIP

Hello @Devendra Goswami 

The ideal threshold depends on your network’s normal broadcast, multicast, and unknown unicast traffic patterns...

In practice, start with about 10–20% of link bandwidth on access ports to protect against host storms...

Best regards

Joseph W. Doherty
Hall of Fame

As the others have already noted, there's no specific recommended best practice percentages because what's normal and what's too much varies per subnet.

As I noted (years ago) in the one reference that @balaji.bandi provides, when such bandwidth limiters are exceeded, "good" traffic is usually impacted too. So, to your question to what level can switches function without issue, is an "it depends". Once they trigger, legitimate traffic may be impacted but there may have been no need to trigger. Conversely, if not triggered when actually needed, you have issues too. It's often difficult to find the "just right" values; which, again, may be different on each subnet.

Keep in mind, unicast or multicast flooding often isn't as impactful as broadcast flooding.  The latter is so impactful because the host needs to accept and analyze broadcast frames/packets; they cannot be (address) filtered by hardware or as easily filtered by software.

Switch interfaces, too, need to analyze broadcasts, but something more common than possibly years ago is CoPP to rate limit traffic to the switch's CPU.

Hello,

When we implemented it in our network we had to set a baseline and monitor it. After we found some traffic being blocked we adjusted accordingly. Higher speed interfaces would get a higher limit naturally.

Sometimes the best practice is the one that fits your network needs.

-David
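One way to carry out the baseline-then-adjust approach the replies describe, as an added example that is not part of the thread: it turns polled broadcast-octet counters for one port into a measured baseline and a starting level expressed as a percentage of link bandwidth. The function names, the 3x headroom, the 0.5% floor and the sample data are assumptions made for illustration; the 20% cap is the upper end of the starting range mentioned above.

```python
import math

def percentile(values, pct):
    """Nearest-rank percentile (pct in 0..100) of a non-empty list."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def rates_from_counters(samples):
    """Turn (time_s, cumulative_broadcast_octets) polls into bits/s per interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        if t1 <= t0 or c1 < c0:
            continue  # skip clock glitches and counter resets or wraps
        rates.append((c1 - c0) * 8 / (t1 - t0))
    return rates

def suggest_level(samples, link_bps, headroom=3.0, pct=99, floor=0.5, cap=20.0):
    """Return (baseline_pct, suggested_pct), both as percent of link bandwidth.

    headroom and floor are assumed tuning knobs, not vendor guidance.
    """
    rates = rates_from_counters(samples)
    if not rates:
        raise ValueError("need at least two usable counter samples")
    baseline = percentile(rates, pct) / link_bps * 100
    suggested = min(cap, max(floor, baseline * headroom))
    return round(baseline, 2), round(suggested, 2)

def blocked_intervals(samples, link_bps, level_pct):
    """Count polled intervals whose broadcast rate would exceed level_pct."""
    limit = link_bps * level_pct / 100
    return sum(1 for r in rates_from_counters(samples) if r > limit)

# Constructed sample: 60 s polls of one 1 Gb/s access port, with one counter reset.
LINK_BPS = 1_000_000_000
SAMPLES = [(0, 0), (60, 7_500_000), (120, 22_500_000), (180, 33_750_000),
           (240, 1_000_000), (300, 31_000_000), (360, 46_000_000)]

if __name__ == "__main__":
    base, level = suggest_level(SAMPLES, LINK_BPS)
    print(f"baseline p99 = {base}% of link, starting level = {level}%")
    print("intervals over the level:", blocked_intervals(SAMPLES, LINK_BPS, level))
```

Replaying the same samples through `blocked_intervals` with a candidate level shows how often normal traffic would have tripped it, which is the adjustment step described above.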