Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.

Configuring Storm Control

Context

Excess broadcast, unknown multicast, or unknown unicast packets have a significant impact on network devices. To limit the rate of these packets, configure storm control on the interface that receives these packets.

NOTE:

For the S series cards, when the storm control mode is bytes or percentage, the switch calculates the packet rate in bytes or percentage by assuming a packet length of 64 bytes and an inter-frame gap of 20 bytes. If the actual packet length is not 64 bytes, the calculated packet rate may be inaccurate. Therefore, the pps mode is recommended for S series cards.

When Jumbo frames are received by an interface, the bytes mode is recommended.

When detecting unicast packets, a switch does not distinguish unknown unicast packets from known unicast packets. The packet rate detected is the sum of the rates of unknown and known unicast packets. When the storm control action is block, the switch blocks only the unknown unicast packets. This rule also applies to multicast packets.
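The S series note above can be checked numerically. The following is an added example, not Huawei code: it assumes the switch counts packets and converts a percentage threshold to a packet rate using the fixed 64-byte length and 20-byte gap from the note. The function names and the 1 Gbit/s link are constructed for illustration.

```python
# Added example: model of the fixed-size assumption described in the S series note.
ASSUMED_LEN = 64   # bytes, packet length the switch assumes (from the note)
GAP = 20           # bytes, inter-frame gap the switch assumes (from the note)

def pps_from_percent(percent, line_rate_bps):
    """Packet rate equivalent to a percentage threshold under the assumed model."""
    return percent * line_rate_bps / (100 * (ASSUMED_LEN + GAP) * 8)

def max_pps(frame_len, line_rate_bps):
    """Highest packet rate the link can physically carry for a given frame length."""
    return line_rate_bps / ((frame_len + GAP) * 8)

def effective_percent(percent, frame_len):
    """Real link utilisation at which the derived packet-rate threshold is reached."""
    return percent * (frame_len + GAP) / (ASSUMED_LEN + GAP)

def can_trigger(percent, frame_len):
    """False when the threshold needs more packets per second than the link can carry."""
    return effective_percent(percent, frame_len) <= 100

def report(percent, line_rate_bps, frame_lens):
    """One row per frame length: (length, real utilisation at trigger, reachable?)."""
    return [(n, round(effective_percent(percent, n), 1), can_trigger(percent, n))
            for n in frame_lens]

if __name__ == "__main__":
    link = 10**9  # constructed sample: 1 Gbit/s interface
    print("10%% threshold = %d pps" % round(pps_from_percent(10, link)))
    for length, util, ok in report(10, link, [64, 512, 1518]):
        state = "triggers" if ok else "never triggers"
        print("%5d-byte frames: real utilisation %6.1f%% -> %s" % (length, util, state))
```

Under this model a 10% threshold matches real utilisation only for 64-byte frames; a storm of 1518-byte frames cannot reach the derived packet rate at all, which is why pps mode is the safer choice on these cards.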

Pre-configuration Tasks

Before configuring the storm control function, configure link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run one of the following commands:

    storm-control { broadcast | multicast | unicast } min-rate min-rate-value max-rate max-rate-value

    storm-control { broadcast | multicast | unicast } min-rate cir min-rate-value-cir max-rate cir max-rate-value-cir

    storm-control { broadcast | multicast | unicast } min-rate percent min-rate-value-percent max-rate percent max-rate-value-percent

    Storm control is performed on broadcast packets, unknown multicast packets, or unknown unicast packets on the interface.

  4. Run storm-control action { block | error-down }

    The storm control action is set.

  5. (Optional) Run storm-control enable { log | trap }

    The system is configured to record logs or report traps during storm control.

  6. (Optional) Run storm-control interval interval-value

    The storm detection interval is set.

Verifying the Configuration

Run the display storm-control [ interface interface-type interface-number ] command to check the storm control configuration on an interface.

Follow-up Procedure

If an interface is in Error-Down state, you are advised to determine the cause first.

An interface in Error-Down state can be recovered using either of the following methods:
  • Manual recovery (after an Error-Down event occurs):

    If a few interfaces need to be recovered, run the shutdown and undo shutdown commands in the interface view. Alternatively, run the restart command in the interface view to restart the interfaces.

  • Automatic recovery (before an Error-Down event occurs):

    If a large number of interfaces need to be recovered, manual recovery is time consuming and some interfaces may be omitted. To avoid this problem, run the error-down auto-recovery cause storm-control interval interval-value command in the system view to enable automatic interface recovery and set the recovery delay time. Run the display error-down recovery command to view information about automatic interface recovery.

    NOTE:

    This method does not take effect on interfaces that are already in Error-Down state. It is effective only on interfaces that enter the Error-Down state after this configuration is complete.

Updated: 2019-04-01

Document ID: EDOC1000178319
