Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3577
Views
5
Helpful
3
Replies

Broadcast Storm

stephan.sieger
Level 1
Level 1

‎09-04-2008 10:42 PM - edited ‎03-06-2019 01:12 AM

Hi,

what is the definition for a broadcast storm, and how can i check afterwards if there was an broadcast storm event during the night? Is a high cpu utilization the only hint, or can i see ports in err-disable state?

Tia,

Stephan

Labels:
0 Helpful
3 Replies 3

francisco_1
Level 7
Level 7

‎09-04-2008 11:04 PM

A broadcast storm occurs when broadcast or multicast packets flood the subnet, creating excessive traffic and degrading network performance.

One way to identify is you can have your switch automatically try to enable a port that has been placed in an error-disable state because of broadcast storm using the command " errdisable recovery cause storm-control". then look at the show logg to troubleshoot the error.

Francisco.

0 Helpful

stephan.sieger
Level 1
Level 1
In response to francisco_1

‎09-04-2008 11:40 PM

Hi Francisco,

when is broadcast defined as a storm? And what is the behavior of a switch with no storm-control configured, and how can i determine if a broadcast storm has occured when no storm-control is configured?

Stephan

0 Helpful

francisco_1
Level 7
Level 7
In response to stephan.sieger

‎09-04-2008 11:59 PM

Stephan,

To understand broacast storm better inclduing configuring strom control and Threshold levels, see http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swtrafc.html#wp1085954.

By default is it disable on a switch. Normally if a switch is under broadcast attack, the CPU usage will increase since broadcast traffic is process in software. Under sh cpu, one of the processes to search for is ARP Input. if you see this process using lots of CPU, then your switch might be under attack

see http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af6.shtml#arp

pls kindly rate.

Francisco

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card