How to protect your network from Flood using storm control


Storm control is a really useful way to protect your network against flood attacks such as Denial of Service. Storm control monitors all traffic (broadcast, unicast and multicast) coming into switch interfaces. The administrator sets a threshold for the amount of traffic coming into a particular interface, and the switch automatically takes an action if the traffic exceeds that threshold.

How to configure storm control?

Configuration is done on a particular interface, as in the example below:

Grook-Switch# configure terminal
Grook-Switch(config)# interface FastEthernet0/3
Grook-Switch(config-if)# storm-control broadcast level 35
Grook-Switch(config-if)# storm-control action shutdown

In our example, we set the broadcast threshold of FastEthernet0/3 to 35%. This means the allowed percentage of broadcast traffic is 35%; if traffic exceeds this percentage, an action is taken. In the fourth command, we set that action, which is to shut down the interface. The other keyword this command accepts in place of shutdown is trap.

Question: what about trap?
Answer: It sends an SNMP trap to the agent.

Notes:
- If you set the percentage to 0%, all traffic is denied.
- If you set the percentage to 100%, all traffic is allowed.
- Grook-Switch# show storm-control
  is used to check the status of storm control on the ports.

Advice: Be very careful when setting the percentage; otherwise you will end up with a lot of trouble.

GROOK
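
The following Python script is an added example, not part of the original post: it parses show storm-control output and flags the 0% and 100% cases from the notes, plus any port that is over its threshold. The sample output is constructed, and its column layout (Interface, Filter State, Upper, Lower, Current) is an assumption that may differ by platform.

```python
import re

# Constructed sample of `show storm-control` output. The column layout is an
# assumption and can differ between platforms and software versions.
SAMPLE_OUTPUT = """\
Interface  Filter State   Upper        Lower        Current
---------  -------------  -----------  -----------  ----------
Fa0/1      Forwarding     100.00%      100.00%        0.00%
Fa0/2      Forwarding       0.00%        0.00%        0.00%
Fa0/3      Blocking        35.00%       35.00%       41.20%
Fa0/4      Forwarding      35.00%       35.00%        2.10%
"""

ROW = re.compile(
    r"^(?P<port>\S+)\s+(?P<state>Forwarding|Blocking|Inactive)\s+"
    r"(?P<upper>[\d.]+)%\s+(?P<lower>[\d.]+)%\s+(?P<current>[\d.]+)%\s*$"
)

def parse_storm_control(text):
    """Return one dict per interface row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row.update({k: float(row[k]) for k in ("upper", "lower", "current")})
            rows.append(row)
    return rows


def audit(rows):
    """Map port -> findings: 100% or 0% thresholds, and ports over their limit."""
    findings = {}
    for r in rows:
        notes = []
        if r["upper"] >= 100.0:
            notes.append("threshold 100%: all traffic is allowed, no protection")
        if r["upper"] == 0.0:
            notes.append("threshold 0%: all traffic is denied")
        if r["state"] == "Blocking" or r["current"] > r["upper"]:
            notes.append("threshold exceeded: storm control action is in effect")
        if notes:
            findings[r["port"]] = notes
    return findings


if __name__ == "__main__":
    for port, notes in audit(parse_storm_control(SAMPLE_OUTPUT)).items():
        print(port, "->", "; ".join(notes))
```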

 
