Configuring Storm Control
Context
Excessive broadcast, multicast, or unicast packets can severely affect network devices. To limit the rate of these packets, configure storm control on the interface that receives them.
Pre-configuration Tasks
Before configuring the storm control function, configure link layer protocol parameters for interfaces to ensure that the link layer protocol status on the interfaces is Up.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run any of the following commands to configure storm control for broadcast, multicast, and unicast packets on the interface.
  - storm control { broadcast | multicast | unicast | unknown-unicast } min-rate percent min-rate-value max-rate percent max-rate-value
  - storm control { broadcast | multicast | unicast | unknown-unicast } min-rate kbps min-rate-value max-rate kbps max-rate-value
  - storm control { broadcast | multicast | unicast | unknown-unicast } min-rate min-rate-value max-rate max-rate-value
- Set the storm control action.
  - Run the storm control action { error-down | block } command.
The device records the status of an interface as Error-Down when it detects a fault. An interface in the Error-Down state cannot receive or send packets, and the interface indicator is off.
- (Optional) Run storm control enable { log | trap }
Log recording or trap reporting for storm control is enabled.
- (Optional) Run storm control interval interval-value
The storm detection interval is set.
- Run commit
The configuration is committed.
Verifying the Configuration
Run the display storm control [ interface interface-type interface-number [ verbose ] ] command to check the storm control configuration on an interface.
Follow-up Procedure
Generally, when attack packets exist, the average rate at which an interface receives broadcast, multicast, or unknown unicast packets is higher than the specified upper limit. In this situation, identify the attack source, remove the attack, and recover the interface status.
Manual recovery (after an Error-Down event occurs):
If a few interfaces need to be recovered, run the shutdown and undo shutdown commands in the interface view. Alternatively, run the restart command in the interface view to restart the interfaces.
Alternatively, run the undo storm control action or undo storm control { broadcast | multicast | unicast | unknown-unicast | all } command in the interface view to recover the interface status. This method is not recommended.
Automatic recovery (before an Error-Down event occurs):
If a large number of interfaces need to be recovered, manual recovery is time-consuming and some interfaces may be missed. To avoid this problem, run the error-down auto-recovery cause storm-control interval command in the system view to enable automatic interface recovery and set the recovery delay time. Run the display error-down recovery command to view information about automatic interface recovery.
This method does not take effect on interfaces that are already in Error-Down state. It is effective only on interfaces that enter the Error-Down state after this configuration is complete.
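The following added example (not part of the original documentation or the vendor's tooling) audits a saved configuration for the settings described in the procedure and follow-up sections: thresholds without an action, no log or trap, and an error-down action without automatic recovery. The configuration layout, interface names, and values are constructed assumptions, and the min-rate/max-rate ordering check is inferred from the parameter names.

```python
import re
# Constructed sample; interface names, values and stanza layout are assumptions.
SAMPLE_CONFIG = """\
error-down auto-recovery cause storm-control interval 30
#
interface 10GE1/0/1
 storm control broadcast min-rate percent 5 max-rate percent 10
 storm control action error-down
 storm control enable log
#
interface 10GE1/0/2
 storm control multicast min-rate kbps 9000 max-rate kbps 4000
#
interface 10GE1/0/3
#
"""

RATE_RE = re.compile(r"storm control (broadcast|multicast|unicast|unknown-unicast) "
                     r"min-rate (?:(?:percent|kbps) )?(\d+) "
                     r"max-rate (?:(?:percent|kbps) )?(\d+)$")
AUTO_RE = re.compile(r"^error-down auto-recovery cause storm-control interval", re.M)

def check_interface(lines, auto_recovery):
    """Return findings for one interface stanza's storm control commands."""
    rates = [m for m in map(RATE_RE.match, lines) if m]
    # Assumption from the parameter names: min-rate should not exceed max-rate.
    issues = [f"{m.group(1)}: min-rate above max-rate"
              for m in rates if int(m.group(2)) > int(m.group(3))]
    actions = [l.split()[-1] for l in lines if l.startswith("storm control action ")]
    if not rates:
        issues.append("no storm control thresholds")
    else:
        if not actions:
            issues.append("thresholds set but no storm control action")
        if not any(l.startswith("storm control enable ") for l in lines):
            issues.append("no log or trap enabled")
    if "error-down" in actions and not auto_recovery:
        issues.append("error-down action without auto-recovery")
    return issues

def audit(config_text):
    """Map each interface name to its list of findings."""
    auto_recovery = bool(AUTO_RE.search(config_text))
    findings = {}
    for stanza in re.split(r"^#$", config_text, flags=re.M):
        lines = [l.strip() for l in stanza.strip().splitlines()]
        if lines and lines[0].startswith("interface "):
            findings[lines[0].split(None, 1)[1]] = check_interface(lines[1:], auto_recovery)
    return findings
```

Calling audit(SAMPLE_CONFIG) returns an empty list for the fully configured interface and a list of findings for the other two.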