
Storm Control

September 13th, 2017 in SWITCH 300-115

Question 1

Explanation

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

Storm control uses one of these methods to measure traffic activity:
+ Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
+ Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received
+ Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.

The command “storm-control broadcast level 75 65” sets the rising threshold to 75% of the port bandwidth: the port blocks broadcast traffic once it reaches that level. The port starts forwarding broadcast traffic again when it drops below 65% of the bandwidth (65% is called the falling threshold).

Note: If you don’t configure the falling threshold, the switch uses the rising threshold value for it.
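
The rising/falling behaviour described above can be checked with a small model. This is an added example, not Cisco code or part of the original page: the `StormControl` class, the `SAMPLES` values and the per-sample evaluation are assumptions made for illustration, and only the default filter action and the shutdown action are modelled.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: broadcast load per 1-second interval, in % of port bandwidth.
SAMPLES = [50, 80, 70, 66, 64, 50]


@dataclass
class StormControl:
    """Hypothetical model of 'storm-control broadcast level <rising> [<falling>]'."""
    rising: float                    # rising threshold (%)
    falling: Optional[float] = None  # falling threshold (%); defaults to rising
    action: str = "filter"           # "filter" (default behaviour) or "shutdown"

    def __post_init__(self) -> None:
        if self.falling is None:
            self.falling = self.rising  # no falling level: reuse the rising level
        # Sanity check of this model: hysteresis needs falling <= rising.
        if not 0 <= self.falling <= self.rising <= 100:
            raise ValueError("need 0 <= falling <= rising <= 100")
        if self.action not in ("filter", "shutdown"):
            raise ValueError("action must be 'filter' or 'shutdown'")

    def run(self, samples: List[float]) -> List[str]:
        """Return the port state after each 1-second measurement."""
        states: List[str] = []
        state = "forwarding"
        for pct in samples:
            if state == "err-disabled":
                pass  # stays down; recovery is outside this model
            elif state == "forwarding" and pct >= self.rising:
                # Rising threshold reached: block, or err-disable with shutdown.
                state = "err-disabled" if self.action == "shutdown" else "blocking"
            elif state == "blocking" and pct < self.falling:
                # Traffic dropped below the falling threshold: forward again.
                state = "forwarding"
            states.append(state)
        return states


if __name__ == "__main__":
    for sc in (StormControl(75, 65), StormControl(75), StormControl(75, 65, "shutdown")):
        print(sc, sc.run(SAMPLES))
```

With `level 75 65` the port stays blocked at 70% and 66% and only resumes at 64%; with `level 75` alone it resumes as soon as the load is back under 75%.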

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_fx/configuration/guide/2960scg/swtrafc.html#wp1063295

Question 2

Explanation

By using the “storm-control broadcast level rising-threshold [falling-threshold]” command, we can limit the broadcast traffic on the switch.

Question 3

Explanation

The command “storm-control action {shutdown | trap}” specifies the action to be taken when a storm is detected. The default is to filter out the traffic and not to send traps.
+ Select the shutdown keyword to error-disable the port during a storm.
+ Select the trap keyword to generate an SNMP trap when a storm is detected.

Question 4

Question 5

Question 6

Question 7

Explanation

There are various reasons for the interface to go into errdisable. The reason can be:
+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

 

More information about storm control:

When a storm is detected, the interfaces configured with the shutdown action of the storm control command are brought down (err-disable state).

Question 8

Comments
  1. Anonymous
    October 9th, 2017

    Hi,

    For Question 7, reasons for err-disable.
    A. storm control
    B. security violation
    C. configuration ports into EtherChannel
    D. BPDUguard

    Is security violation not the correct answer? In the quiz it’s left out.

  2. Anonymous
    December 9th, 2017

    Hello, on question 7, on the quiz, BPDU guard is considered not a correct answer, but on this page it says it is. Is this a mistake?

  3. jimbob
    January 12th, 2018

    Anonymous,
    The quiz would be wrong, BPDUGuard definitely puts a port into err-disable

  4. RA
    January 19th, 2018

    What happens if I issue the command “storm-control broadcast level 75 65” and also “Storm-control action shutdown”?
    Will it error-disable the port if it reaches 75% of the bandwidth of the port? And will it recover from error-disable when it is below 65%?
    And if instead of shutdown, the port is configured for “trap”, will it trap to the SNMP server if it reaches 75% but still permit the broadcast to flow? Or will it trap and also stop the broadcast traffic without error-disable?

  5. 1WAY
    February 13th, 2018

    Q8. Anyone know exactly what this question is asking?

  7. Confuse guy
    March 15th, 2018

    @1Way

    Obviously it’s asking the command syntax. lol

  8. Tinman
    March 16th, 2018

    Question 4 (Official Guide) Page 423
    Next, specify the action to be taken when the threshold is exceeded. By default, the
    excessive frames are simply dropped as they are received. In addition, you can use the
    following interface configuration command to shut down the interface in errdisable mode
    or to send an SNMP trap as an alert of a storm condition in progress:
    Switch(config-if)# storm-control action { shutdown | trap }

  10. Anonymous
    April 7th, 2018

    Q8

    command syntax isn’t wrong??
    storm-control broadcast level 10 20

    10 is MAX and 20 is MIN. That doesn’t make sense.

    according to question 1
    storm-control broadcast level 75 65
    The switch resumes forwarding broadcasts when they are below 65% of bandwidth.
    The switch drops broadcasts when they reach 75% of bandwidth.

  11. jules_Jenkins
    April 15th, 2018

    Anonymous,

    I agree. It seems the numbers are mixed up. I’m no expert yet, but I would also say that the numbers are a bit low. The rising and falling threshold will always be met and 10 and 20 percent bandwidth. This might also be relative to network size. Oh well.
