Home > Storm Control

Storm Control

September 13th, 2017 in SWITCH 300-115 Go to comments

Question 1

Explanation

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

Storm control uses one of these methods to measure traffic activity:
+ Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
+ Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received
+ Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.

The command “storm-control broadcast level 75 65” limits the broadcast traffic up to 75% of the bandwidth (75% is called the rising threshold). The port will start forwarding broadcast traffic again when it drops below 65% of the bandwidth (65% is called the falling threshold).

Note: If you don’t configure the falling threshold, it will use the same value of the rising threshold.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_fx/configuration/guide/2960scg/swtrafc.html#wp1063295

Question 2

Explanation

By using the “storm-control broadcast level [falling-threshold]” we can limit the broadcast traffic on the switch.

Question 3

Explanation

The command “storm-control action {shutdown | trap} ” specifies the action to be taken when a storm is detected. The default is to filter out the traffic and not to send traps.
+ Select the shutdown keyword to error-disable the port during a storm.
+ Select the trap keyword to generate an SNMP trap when a storm is detected.

Question 4

Question 5

Question 6

Question 7

Explanation

There are various reasons for the interface to go into errdisable. The reason can be:
+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

Although the above reference does not mention about storm control can cause err-disable state but we can see it with the “show errdisable recovery” command:

show_errdisable_recovery.jpg

Therefore in this question maybe you will only see three correct answers.

More information about storm control:

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

When a storm is detected, the interfaces configured with the shutdown action of the storm control command are brought down (err-disable state).

Comments
  1. Anonymous
    October 9th, 2017

    Hi,

    For Question 7, reasons for err-disable.
    A. storm control
    B. security violation
    C. configuration ports into EtherChannel
    D. BPDUguard

    Is security violation not the correct answer? In the quiz its left out.

  2. Anonymous
    December 9th, 2017

    Hello, on question 7, on the quiz, BPDU guard is considered not a correct answer, but on this page it says it is. Is this a mistake?

  1. No trackbacks yet.