How to configure broadcast storm control on an interface of a CE series switch

3

Excessive broadcast packets on inbound and outbound interfaces of a switch will cause broadcast storms. To limit the rate of broadcast packets on an interface, you can configure broadcast storm control on the interface.
For example, you can configure broadcast storm control on 10GE1/0/1.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] storm control broadcast min-rate 1000 max-rate 2000 //Set the lower threshold for storm control to 1000 pps and upper threshold to 2000 pps.
[*HUAWEI-10GE1/0/1] storm control action error-down //Configure the switch to shut down the interface when detecting a broadcast storm.
[*HUAWEI-10GE1/0/1] commit

Other related questions:
How to configure broadcast traffic suppression on an interface of a CE series switch
Excessive broadcast packets on inbound and outbound interfaces of a switch will cause broadcast storms. To limit the rate of broadcast packets on an interface, you can configure broadcast traffic suppression on the interface.
For example, you can configure broadcast traffic suppression on 10GE1/0/1 and set the maximum rate of broadcast packets on the interface to 100 kbit/s.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] storm suppression broadcast cir 100
[*HUAWEI-10GE1/0/1] commit

Configuring traffic suppression and storm control on S series switches
For S series switches (except S1700 switches): Traffic suppression and storm control are two security technologies used to limit rates of broadcast, unknown multicast, and unknown unicast packets to prevent storms caused by these packets. Traffic suppression limits traffic rates using traffic rate thresholds, while storm control prevents traffic storms by shutting down interfaces. You can run the following commands to configure traffic suppression: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression cir 100 //Configure broadcast traffic suppression and set the CIR, that is the allowed rate at which broadcast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression 80 //Configure unknown multicast traffic suppression and limit the rate of unknown multicast packets to 80%. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression cir 100 //Configure unknown unicast traffic suppression and set the CIR, that is the allowed rate at which unknown unicast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] quit To block outgoing packets on an interface, run the following commands: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression block outbound //Block outgoing broadcast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression block outbound //Block outgoing unknown multicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression block outbound //Block outgoing unknown unicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] quit You can run the following commands to configure storm control: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] storm-control broadcast min-rate 1000 max-rate 2000 //Configure storm control on broadcast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control multicast min-rate 1000 max-rate 2000 //Configure storm control on unknown multicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control unicast min-rate 1000 max-rate 2000 //Configure storm control on unknown unicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control action block //Set the storm control action to block. [HUAWEI-GigabitEthernet1/0/0] storm-control enable log //Configure the device to record a log when detecting a storm. [HUAWEI-GigabitEthernet1/0/0] storm-control interval 90 //Set the interval for detecting storms. [HUAWEI-GigabitEthernet1/0/0] quit Note: If the storm control action on an interface is block, the interface restores the normal forwarding state when the traffic falls below the lower threshold. If the storm control action is shutdown, the interface cannot restore automatically and you need to run the undo shutdown command to restore it manually.

Checking the storm control configuration on an S series switch
For S series switches, you can run the display storm-control [ interface ] command in any view to check information about storm control on an interface.

How to prevent broadcast storms on the AC
WLAN devices support traffic suppression and user isolation to prevent broadcast storms. Traffic suppression limits traffic rate to prevent broadcast storms caused by broadcast, multicast, or unknown unicast packets. User isolation isolates users to reduce users' broadcast packets and the risk of broadcast storms. Example for configuring traffic suppression [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] broadcast-suppression packets 12600 //Set the rate limit in pps for broadcast packets. [Huawei-GigabitEthernet0/0/1] multicast-suppression packets 25200 //Set the rate limit in pps for multicast packets. [Huawei-GigabitEthernet0/0/1] unicast-suppression packets 12600 //Set the rate limit in pps for unknown unicast packets. [Huawei-GigabitEthernet0/0/1] quit Example for configuring user isolation For V200R005: [Huawei-wlan-view] service-set name test [Huawei-wlan-service-set-test] user-isolate //Set user isolation for service set test. [Huawei-wlan-service-set-test] quit [Huawei-wlan-view] quit For V200R006: # Configure user isolation for a traffic profile. system-view [Huawei] wlan [Huawei-wlan-view] traffic-profile name p1 //Create a traffic profile. [Huawei-wlan-traffic-prof-p1] user-isolate l2 //Configure Layer 2 user isolation. # Configure user isolation in an AP wired port profile. system-view [AC6605] wlan [AC6605-wlan-view] wired-port-profile name wired [AC6605-wlan-wired-port-prof-wired] mode endpoint [AC6605-wlan-wired-port-prof-wired] user-isolate l2 [AC6605-wlan-wired-port-prof-wired] quit [AC6605-wlan-view] ap-group name ap-group1 [AC6605-wlan-ap-group-ap-group1] wired-port-profile wired gigabitethernet 0

How to enable traffic control on interfaces of CE series switches
The procedure for enabling traffic control on interfaces of CE series switches is described on the right.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top