storm control

jorge.s
Level 1

Hi,

We have the following standard config of switch port, but frequently when users try to copy big files or use FTP, the port gets locked down. We would like to somehow protect our network, but would it be safe to increase the level of storm controls?

switchport mode access

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree guard root

switchport port-security

switchport port-security violation shutdown

switchport port-security maximum 1

switchport port-security aging time 1

switchport port-security aging type inactivity

speed auto

duplex auto

no cdp enable

no shut

storm-control broadcast level 65

storm-control multicast level 65

storm-control unicast level 85

storm-control action shutdown

4 Replies

Kevin Dorrell
Level 10

I would say that it was the storm-control unicast level 85 that was causing your problem. I would simply remove it, it is not very useful on an access port anyway.

Usually your trunk links have a higher bandwidth than each individual access port, so it is sufficient to let the bandwidth of the port limit the unicast traffic.

If you really want to limit the unicast traffic from the access port, then you might be able to use the QoS tools for that, depending on which switch you have.

Oh, and it is normally bad practice to put spanning-tree bpdufilter on your access ports unless you absolutely need to for some obscure reason. You are inviting your users to connect two ports together with a cross-cable and so bring down the whole network. (Although your storm-control will mitigate that in your case.)

Kevin Dorrell

Luxembourg

Hi Kevin,

Thanks a lot for your recommendation!

Btw, this is the config which we are planning on deploying for trunk ports. Could you also comment on that?

switchport trunk encapsulation dot1q

switchport mode trunk

cdp enable

no shut

switchport block multicast

switchport block unicast

Thanks

Jorge

Why would you like to block unicast and multicast packets from being flooded?

switchport block multicast

switchport block unicast

Just curiosity.

l.mourits
Level 5

Hi,

I noticed there is no switchport access vlan in your config. Was this left out on purpose for the post, and do you set them in real life, or are you using vlan 1 for your access ports? If the last is true, it is strongly recommended to not use vlan 1.

HTH,

Leo
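
The points raised in the replies above (a unicast storm-control threshold combined with the shutdown action, BPDU filter on an access port, and a missing access VLAN) expressed as a small config audit. This is an added example, not part of the original thread or any Cisco tool; the interface names, VLAN 20, the finding labels and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the question's access-port commands under a hypothetical
# interface name, plus a port with the replies' advice applied (VLAN 20 is a placeholder).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 storm-control broadcast level 65
 storm-control unicast level 85
 storm-control action shutdown
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
 spanning-tree bpduguard enable
 storm-control broadcast level 65
 storm-control action shutdown
"""

def parse_interfaces(text):
    """Split IOS-style text into {interface: [commands]}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit_access_port(cmds):
    """Findings for one stanza; each rule mirrors a point made in the replies."""
    if "switchport mode access" not in cmds:
        return []  # trunk ports are out of scope here
    has = lambda prefix: any(c.startswith(prefix) for c in cmds)
    findings = []
    # A unicast threshold with the shutdown action can be tripped by a large copy.
    if has("storm-control unicast level") and has("storm-control action shutdown"):
        findings.append("unicast-storm-shutdown")
    if has("spanning-tree bpdufilter enable"):  # called bad practice on access ports
        findings.append("bpdufilter-on-access-port")
    if not has("switchport access vlan"):  # port falls back to the default VLAN 1
        findings.append("no-access-vlan")
    return findings

def audit(text):
    """Return {interface: findings} for access ports that have any finding."""
    return {n: f for n, c in parse_interfaces(text).items() if (f := audit_access_port(c))}
```

Calling `audit(SAMPLE)` reports all three findings for the first port and nothing for the second.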
