Traffic Suppression and Storm Control Configuration: About This Chapter

S1720, S2700, S5700, and S6720 Series Ethernet Switches
Configuration Guide - Security Configuration

6 Traffic Suppression and Storm Control Configuration

About This Chapter

This chapter describes basic concepts, configuration procedures, configuration
examples, and common misconfigurations for traffic suppression and storm
control.

6.1 Overview of Traffic Suppression and Storm Control
6.2 Understanding Traffic Suppression
6.3 Understanding Storm Control
6.4 Application Scenarios for Traffic Suppression
6.5 Application Scenarios for Storm Control
6.6 Licensing Requirements and Limitations for Traffic Suppression and Storm
Control
6.7 Default Settings for Traffic Suppression and Storm Control
6.8 Configuring Traffic Suppression
6.9 Configuring Storm Control
6.10 Configuration Examples for Traffic Suppression and Storm Control
6.11 Troubleshooting Traffic Suppression and Storm Control

6.1 Overview of Traffic Suppression and Storm Control

Definition
Traffic suppression and storm control can control broadcast packets, unknown
multicast packets, and unknown unicast packets and prevent broadcast storms
caused by these packets. Unknown unicast packets refer to unicast packets whose
destination MAC addresses have not been learned by the device.

Issue 12 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 273

Traffic suppression limits the traffic by setting a threshold, and storm control
blocks the traffic by shutting down an interface.

Purpose
When receiving broadcast packets, unknown multicast packets, and unknown
unicast packets, a switch forwards the packets to other Layer 2 Ethernet interfaces
in the same VLAN if the switch cannot determine the outbound interface based on
the destination MAC addresses of packets. When this happens, broadcast storms
may occur on the network and forwarding performance of the device will
deteriorate.

Traffic suppression and storm control can control these packets and prevent
broadcast storms.

6.2 Understanding Traffic Suppression


Traffic suppression prevents broadcast storms caused by broadcast, unknown
multicast, and unknown unicast packets, and is configured in the following views:

● Interface view
Controls the bandwidth percentage, packets per second, and bits per second
of incoming packets.
A switch monitors rates of these packets on the interface and compares the
rates with the thresholds. When the rate of incoming traffic reaches the
threshold, the switch discards excess traffic.
● Outbound interface view
Blocks outgoing broadcast packets, unknown multicast packets, and unknown
unicast packets.
● VLAN view
Limits the bits per second for broadcast packets.
A switch monitors broadcast packet rates in the same VLAN and compares
the rates with the thresholds. When the traffic rate in the VLAN reaches the
threshold, the switch discards excess traffic.

By default, the device supports traffic suppression triggered by MAC address
flapping. When MAC address flapping detection is enabled, traffic suppression will
be triggered on the interface where MAC address flapping occurs. That is, the rate
of unknown unicast packets is limited to 50% of the interface bandwidth.

NOTE

If traffic suppression on unknown unicast packets is configured using the
unicast-suppression command and the rate limit of unknown unicast packets is not 100% of the
interface bandwidth, or storm control on unknown unicast packets is configured using the
storm-control command, traffic suppression will not be triggered on an interface where
MAC address flapping occurs.


6.3 Understanding Storm Control


Storm control prevents broadcast storms caused by broadcast packets, unknown
multicast packets, and unknown unicast packets. It is configured in the interface
view to limit the number of packets per second.

In a detection interval, a switch with storm control configured monitors the
average rates of incoming packets on an interface and compares the average rates
with the thresholds. When the rate of a particular type of packets exceeds the
threshold allowed for these packets, the switch takes a storm control action on the
interface.

Storm control actions include block and shutdown. An interface that is blocked or
shut down can be recovered in the following ways:
● When the average rates of incoming packets on a blocked interface fall below
the lower thresholds, the interface is unblocked to forward packets.
● If the action is shutdown, manually unblock the interface or enable the
interface to automatically recover to the Up state.

NOTE

When detecting unicast packets, a switch does not distinguish unknown unicast packets
from known unicast packets. The packet rate detected is the sum of the rates of unknown
and known unicast packets. When the storm control action is block, the switch blocks only
the unknown unicast packets. This rule also applies to multicast packets.
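
The detection and recovery behaviour described in this section, modelled in Python as an added example (not Huawei code): the average rate of each detection interval is compared with the upper threshold to trigger the action and with the lower threshold to unblock. The class and function names, the constructed sample rates, and treating a rate exactly equal to the threshold as not exceeding it are assumptions; the 1000/2000 pps thresholds and the 5-second interval are taken from this chapter's example and default settings.

```python
from dataclasses import dataclass

NORMAL, BLOCKED, ERROR_DOWN = "normal", "blocked", "error-down"


@dataclass
class StormControl:
    """Storm control state for one packet type on one interface (illustrative model)."""
    min_rate: float          # lower threshold, pps
    max_rate: float          # upper threshold, pps
    action: str = "block"    # "block" or "error-down"
    state: str = NORMAL

    def observe(self, avg_rate: float) -> str:
        """Apply the average rate of one detection interval; return the new state."""
        if self.state == ERROR_DOWN:
            # A shut-down interface stays down until manual or automatic recovery.
            return self.state
        if self.state == NORMAL and avg_rate > self.max_rate:
            self.state = BLOCKED if self.action == "block" else ERROR_DOWN
        elif self.state == BLOCKED and avg_rate < self.min_rate:
            # Unblocked only once the rate falls below the LOWER threshold.
            self.state = NORMAL
        return self.state


def interval_averages(per_second, interval):
    """Average per-second packet counts over consecutive full detection intervals."""
    full = len(per_second) - len(per_second) % interval
    return [sum(per_second[i:i + interval]) / interval
            for i in range(0, full, interval)]


def simulate(per_second, min_rate, max_rate, action="block", interval=5):
    """Return the interface state after each detection interval."""
    sc = StormControl(min_rate, max_rate, action)
    return [sc.observe(avg) for avg in interval_averages(per_second, interval)]


def unicast_totals(known, unknown):
    """Unicast detection counts known and unknown unicast together (see the NOTE)."""
    return [k + u for k, u in zip(known, unknown)]


# Constructed per-second packet counts (pps) covering five 5-second intervals.
SAMPLE = ([1500] * 5                          # steady, between the two thresholds
          + [1500, 4000, 1500, 1500, 1500]    # 1-second spike, average exactly 2000
          + [2500] * 5                        # sustained storm above max-rate
          + [1500] * 5                        # below max-rate, not below min-rate
          + [800] * 5)                        # below min-rate

if __name__ == "__main__":
    print(simulate(SAMPLE, 1000, 2000, "block"))
    print(simulate(SAMPLE, 1000, 2000, "error-down"))
    # Known unicast alone can trip the threshold, although only unknown
    # unicast is dropped once the block action is taken.
    print(simulate(unicast_totals([2500] * 5, [0] * 5), 1000, 2000))
```

The last call shows why unicast thresholds have to allow for legitimate known unicast traffic: the measured rate is the sum of both kinds.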

6.4 Application Scenarios for Traffic Suppression

Figure 6-1 Networking diagram of traffic suppression
[Figure: L2 network, GE0/0/1, SwitchA, GE0/0/2, L3 network]

As shown in Figure 6-1:
● Traffic suppression can be configured in a VLAN on a Layer 2 network device
to limit the rates of broadcast packets in the VLAN.
● Switch A is connected to a Layer 2 network and a router. To limit the rates of
broadcast, unknown multicast, and unknown unicast packets forwarded by
the Layer 2 network, configure traffic suppression on the Layer 2 Ethernet
interface GE0/0/1 of Switch A.
● You can also configure Switch A to block the outgoing broadcast, unknown
multicast, and unknown unicast packets on GE0/0/1 to ensure Layer 2
network security.


6.5 Application Scenarios for Storm Control

Figure 6-2 Networking diagram of storm control
[Figure: L2 network, GE0/0/1, SwitchA, GE0/0/2, L3 network]

As shown in Figure 6-2, Switch A is connected to a Layer 2 network and a router.
To limit the rates of broadcast packets, unknown multicast packets, and unknown
unicast packets forwarded by the Layer 2 network, configure storm control on the
Layer 2 Ethernet interface GE0/0/1 of Switch A.

6.6 Licensing Requirements and Limitations for Traffic Suppression and Storm Control

Involved Network Elements
Other network elements are not required.

Licensing Requirements
On the S1720GW, S1720GWR, and S1720X, configuration commands of traffic
suppression and storm control are available only after the license (WEB
management to full management Electronic RTU License) is loaded and activated
and the switch is restarted. Configuration commands of traffic suppression and
storm control on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 6-1 Products and versions supporting traffic suppression and storm control

Product  Product Model              Software Version
S1700    S1720GFR                   V200R006C10, V200R009C00, V200R010C00,
                                    V200R011C00, V200R011C10
         S1720GW and S1720GWR       V200R010C00, V200R011C00, V200R011C10
         S1720GW-E and S1720GWR-E   V200R010C00, V200R011C00, V200R011C10
         S1720X and S1720X-E        V200R011C00, V200R011C10
         Other S1700 models         Models that cannot be configured using commands.
                                    For details about features and versions, see
                                    S1700 Documentation Bookshelf.
S2700    S2700SI                    V100R005C01, V100R006(C00&C01&C03&C05)
         S2700EI                    V100R005C01, V100R006(C00&C01&C03&C05)
         S2710SI                    V100R006(C03&C05)
         S2720EI                    V200R006C10, V200R009C00, V200R010C00,
                                    V200R011C10
         S2750EI                    V200R003C00, V200R005C00SPC300, V200R006C00,
                                    V200R007C00, V200R008C00, V200R009C00,
                                    V200R010C00, V200R011C00, V200R011C10
S3700    S3700SI and S3700EI        V100R005C01, V100R006(C00&C01&C03&C05)
         S3700HI                    V100R006C01, V200R001C00
S5700    S5700LI                    V200R001C00, V200R002C00,
                                    V200R003(C00&C02&C10), V200R005C00SPC300,
                                    V200R006C00, V200R007C00, V200R008C00,
                                    V200R009C00, V200R010C00, V200R011C00,
                                    V200R011C10
         S5700S-LI                  V200R001C00, V200R002C00, V200R003C00,
                                    V200R005C00SPC300, V200R006C00, V200R007C00,
                                    V200R008C00, V200R009C00, V200R010C00,
                                    V200R011C00, V200R011C10
         S5710-C-LI                 V200R001C00
         S5710-X-LI                 V200R008C00, V200R009C00, V200R010C00,
                                    V200R011C00, V200R011C10
         S5700SI                    V100R005C01, V100R006C00, V200R001C00,
                                    V200R002C00, V200R003C00, V200R005C00
         S5700EI                    V100R005C01, V100R006(C00&C01),
                                    V200R001(C00&C01), V200R002C00, V200R003C00,
                                    V200R005(C00&C01&C02&C03)
         S5710EI                    V200R001C00, V200R002C00, V200R003C00,
                                    V200R005(C00&C02)
         S5720EI                    V200R007C00, V200R008C00, V200R009C00,
                                    V200R010C00, V200R011C00, V200R011C10
         S5720LI and S5720S-LI      V200R010C00, V200R011C00, V200R011C10
         S5720SI and S5720S-SI      V200R008C00, V200R009C00, V200R010C00,
                                    V200R011C00, V200R011C10
         S5700HI                    V100R006C01, V200R001(C00&C01), V200R002C00,
                                    V200R003C00, V200R005(C00SPC500&C01&C02)
         S5710HI                    V200R003C00, V200R005(C00&C02&C03)
         S5720HI                    V200R006C00, V200R007(C00&C10), V200R008C00,
                                    V200R009C00, V200R010C00, V200R011C00,
                                    V200R011C10
         S5730SI                    V200R011C10
         S5730S-EI                  V200R011C10
S6700    S6700EI                    V100R006C00, V200R001(C00&C01), V200R002C00,
                                    V200R003C00, V200R005(C00&C01&C02)
         S6720EI                    V200R008C00, V200R009C00, V200R010C00,
                                    V200R011C00, V200R011C10
         S6720S-EI                  V200R009C00, V200R010C00, V200R011C00,
                                    V200R011C10
         S6720LI, S6720S-LI         V200R011C00, V200R011C10
         S6720SI, S6720S-SI         V200R011C00, V200R011C10

NOTE
For details about software mappings, see Hardware Query Tool.

Feature Limitations
Features supported in different views


Table 6-2 lists the traffic suppression and storm control features supported in the
interface and VLAN views.

Table 6-2 Features supported in different views


View             Traffic Suppression and Storm Control Features Supported by the Switch
Interface view   ● Traffic suppression for broadcast, unknown multicast, and unknown
                   unicast packets
                 ● Storm control for broadcast, unknown multicast, and unknown
                   unicast packets
                 ● Traffic suppression for ICMP packets
VLAN view        Traffic suppression for broadcast packets

Difference between Traffic Suppression and Storm Control


Traffic suppression and storm control prevent broadcast storms caused by
broadcast, unknown multicast, and unknown unicast packets. However, they use
different methods to control traffic:
● In traffic suppression, rate thresholds are configured for three types of
incoming packets on interfaces. The system discards the traffic exceeding the
threshold and forwards the traffic within the threshold. In this way, the
system limits the traffic rate in an acceptable range. In addition, traffic
suppression can block outgoing packets on interfaces.
● In storm control, rate thresholds are configured for three types of incoming
packets only on interfaces. When the traffic exceeds the threshold, the system
rejects the packets of this particular type on the interface or shuts down the
interface.
For incoming packets of the same type on an interface, you can configure either
traffic suppression or storm control.

6.7 Default Settings for Traffic Suppression and Storm Control

Table 6-3 and Table 6-4 list the default parameter settings for traffic suppression
and storm control.


Table 6-3 Traffic suppression


Parameter                                  Default Setting
Traffic suppression on an interface        Enabled
Traffic suppression mode on an interface   Percentage limit rate mode
Percentage                                 10% for broadcast traffic and 100% for other traffic
Blocking outgoing packets                  Disabled
Traffic suppression in a VLAN              Disabled
Traffic suppression for Internet Control   Disabled
Message Protocol (ICMP) packets
Traffic suppression threshold for ICMP     By default, the rate limits of ICMP packets in the
Packets                                    system and on an interface depend on the product
                                           model. The value is 128 on the S6720EI, S6720S-EI,
                                           S5720HI, and S5720EI, and 190 on the other models,
                                           in pps.

Table 6-4 Storm control


Parameter                     Default Setting
Storm control                 Disabled
Log record and alarm report   Disabled
Detection interval            5 seconds

6.8 Configuring Traffic Suppression

6.8.1 Configuring Traffic Suppression on an Interface

Context
Excess broadcast, unknown multicast, or unknown unicast packets will cause
broadcast storms. You can configure traffic suppression for a specified type of
packet on an interface to limit the rate of these packets.
The S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E,
S1720X-E, S2720EI, S2750EI, S5720SI, S5720S-SI, S5710-X-LI, S5720LI, S5720S-LI,
S5700LI, S5700S-LI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI
support two traffic suppression modes on interfaces: number of packets per
second (pps) and number of bits per second (bit/s). The default mode is pps. The
bit/s mode is more precise than the pps mode. Other models only support the pps
mode.

NOTE

You can configure suppression on broadcast, unknown multicast, and unknown unicast traffic
on the same interface.

Pre-configuration Tasks
Before configuring traffic suppression on an interface, configure link layer protocol
parameters for interfaces to ensure that the link layer protocol status on the
interfaces is Up.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Run suppression mode { by-packets | by-bits }
The traffic suppression mode is set.

NOTE

Only the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2720EI, S2750EI, S5720SI, S5720S-SI, S5710-X-LI, S5720LI, S5720S-LI, S5700LI, S5700S-LI,
S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI support this command.
If the traffic suppression mode set in the system view is pps, the cir parameter cannot be
specified when you set the maximum traffic rate on an interface.
If the traffic suppression mode set in the system view is bit/s, the packets parameter cannot be
specified when you set the maximum traffic rate on an interface.

Step 3 Run interface interface-type interface-number
The interface view is displayed.
Step 4 Run { broadcast-suppression | multicast-suppression | unicast-suppression }
{ percent-value | cir cir-value [ cbs cbs-value ] | packets packets-per-second }
Traffic suppression is configured.
When traffic suppression is configured on interfaces of S1720GFR, S1720GW,
S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2720EI, S2750EI,
S5720SI, S5720S-SI, S5710-X-LI, S5720LI, S5720S-LI, S5700LI, S5700S-LI, S5730SI,
S5730S-EI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI, the traffic suppression
mode must be the same as that configured in the system view; otherwise, the
system displays an error message.
Step 5 Run { broadcast-suppression | multicast-suppression | unicast-suppression }
block outbound
The interface is configured to block outgoing packets.

----End


6.8.2 Configuring Traffic Suppression in a VLAN

Context
Excess broadcast packets will cause broadcast storms. You can configure traffic
suppression for a specified type of packet in a VLAN to limit the rate of these
packets.

NOTE

After traffic suppression is configured in a VLAN, the number of packets that can be transmitted
per second in the VLAN depends on the method used to calculate the packet length. By default, the
device includes the 20-byte inter-frame gap and preamble in the calculation. That is, the device
counts the actual packet length plus the 20-byte inter-frame gap and preamble.
On the S1720GFR, S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E,
S2720EI, S2750EI, S5720SI, S5720S-SI, S5730SI, S5730S-EI, S5710-X-LI, S5720LI, S5720S-LI,
S5700LI, S5700S-LI, S6720LI, S6720S-LI, S6720SI, and S6720S-SI, if inbound traffic policing on an
interface, broadcast traffic suppression in a VLAN, and inbound flow-based traffic policing are
configured simultaneously and packets match two or three of the rate limiting rules, the system
applies the rules in the following order: inbound traffic policing on interface, broadcast traffic
suppression in the VLAN, and inbound flow-based traffic policing (descending order of priority).
For example, if packets match both the inbound traffic policing rule on an interface and
broadcast traffic suppression rule in a VLAN, the inbound traffic policing rule on the interface
takes effect. For details on how to configure the inbound traffic policing on an interface and
inbound flow-based traffic policing, see Configuring Inbound Interface-based Rate Limiting and
Configuring MQC to Implement Traffic Policing in "Traffic Policing, Traffic Shaping, and
Interface-based Rate Limiting" in the S1720, S2700, S5700, and S6720 V200R011C10
Configuration Guide - QoS.

Pre-configuration Tasks
Before configuring traffic suppression in a VLAN, configure link layer protocol
parameters for interfaces in the VLAN to ensure that the link layer protocol status
on the interfaces is Up.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run vlan vlan-id
The VLAN view is displayed.
Step 3 Run broadcast-suppression threshold-value
The broadcast suppression rate is configured in the VLAN.
----End

6.8.3 Configuring Traffic Suppression for ICMP Packets

Context
Malicious users may flood a network with ICMP packets to initiate an attack.
Processing large numbers of ICMP packets will consume many CPU resources and
cause service abnormalities. To resolve this problem, configure ICMP packet
suppression.

After ICMP packet suppression is configured on an interface, the system
automatically discards ICMP packets when the number of ICMP packets sent by an
interface to the CPU every second exceeds the rate threshold.

Before configuring ICMP packet suppression on an interface, run the undo
icmp-reply fast command to disable the ICMP reply fast function.

Pre-configuration Tasks
Before configuring traffic suppression for ICMP packets, configure link layer
protocol parameters for interfaces to ensure that the link layer protocol status on
the interfaces is Up.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run icmp rate-limit enable

Traffic suppression for ICMP packets is enabled.

By default, the traffic suppression function for ICMP packets is disabled.

Step 3 Run icmp rate-limit { total | interface interface-type interface-number [ to
interface-number ] } threshold threshold-value

The rate threshold for ICMP packets in the interface and system views is
configured.

By default, the rate limits of ICMP packets in the system and on an interface
depend on the product model. The value is 128 on the S6720EI, S6720S-EI,
S5720HI, and S5720EI, and 190 on the other models, in pps.

----End

6.8.4 Verifying the Traffic Suppression Configuration

Procedure
● Run the display flow-suppression interface interface-type interface-number
command to check the traffic suppression configuration.

----End

6.9 Configuring Storm Control


Context
Excess broadcast, unknown multicast, or unknown unicast packets have a
significant impact on network devices. To limit the rate of these packets, configure
storm control on the interface that receives these packets.

NOTE

When Jumbo frames are received by an interface, the bytes mode is recommended.
When detecting unicast packets, a switch does not distinguish unknown unicast packets
from known unicast packets. The packet rate detected is the sum of the rates of unknown
and known unicast packets. When the storm control action is block, the switch blocks only
the unknown unicast packets. This rule also applies to multicast packets.

Pre-configuration Tasks
Before configuring the storm control function, configure link layer protocol
parameters for interfaces to ensure that the link layer protocol status on the
interfaces is Up.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 Run storm-control { broadcast | multicast | unicast } min-rate min-rate-value
max-rate max-rate-value
or storm-control { broadcast | multicast | unicast } min-rate cir min-rate-value-cir
max-rate cir max-rate-value-cir
or storm-control { broadcast | multicast | unicast } min-rate percent
min-rate-value-percent max-rate percent max-rate-value-percent
Storm control is performed on broadcast packets, unknown multicast packets, or
unknown unicast packets on the interface.
Step 4 Run storm-control action { block | error-down }
The storm control action is set.
Step 5 (Optional) Run storm-control enable { log | trap }
The system is configured to record logs or report traps during storm control.
Step 6 (Optional) Run storm-control interval interval-value
The storm detection interval is set.

----End

Verifying the Configuration


Run the display storm-control [ interface interface-type interface-number ]
command to check the storm control configuration on an interface.


Follow-up Procedure
If an interface is in Error-Down state, you are advised to determine the cause first.
An interface in Error-Down state can be recovered using either of the following
methods:
● Manual recovery (after an Error-Down event occurs):
If a few interfaces need to be recovered, run the shutdown and undo
shutdown commands in the interface view. Alternatively, run the restart
command in the interface view to restart the interfaces.
● Automatic recovery (before an Error-Down event occurs):
If a large number of interfaces need to be recovered, manual recovery is time
consuming and some interfaces may be omitted. To avoid this problem, run
the error-down auto-recovery cause storm-control interval interval-value
command in the system view to enable automatic interface recovery and set
the recovery delay time. Run the display error-down recovery command to
view information about automatic interface recovery.
NOTE

This method does not take effect on interfaces that are already in Error-Down state. It
is effective only on interfaces that enter the Error-Down state after this configuration
is complete.

6.10 Configuration Examples for Traffic Suppression and Storm Control

6.10.1 Example for Configuring Traffic Suppression

Networking Requirements
In Figure 6-3, Switch A is connected to a Layer 2 network and a Layer 3 router.
Switch A needs to be configured to prevent broadcast storms caused by a large
number of broadcast packets, unknown multicast packets, or unknown unicast
packets forwarded at Layer 2.

Figure 6-3 Networking diagram of traffic suppression
[Figure: L2 network, GE0/0/1, Switch A, GE0/0/2, Router, L3 network]

Configuration Roadmap
The configuration roadmap is as follows:


1. Configure traffic suppression in the view of GE0/0/1 to prevent broadcast
storms caused by a large number of broadcast packets, unknown multicast
packets, or unknown unicast packets forwarded at Layer 2.

Procedure
Step 1 Enter the interface view.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1

Step 2 Configure traffic suppression for broadcast packets. Set bandwidth percentage for
broadcast packets to 80%.
[SwitchA-GigabitEthernet0/0/1] broadcast-suppression 80

Step 3 Set bandwidth percentage for unknown multicast packets to 80%.


[SwitchA-GigabitEthernet0/0/1] multicast-suppression 80

Step 4 Configure traffic suppression for unknown unicast packets. Set bandwidth
percentage for unknown unicast packets to 80%.
[SwitchA-GigabitEthernet0/0/1] unicast-suppression 80
[SwitchA-GigabitEthernet0/0/1] quit

Step 5 Verify the configuration.


Run the display flow-suppression interface command to view the traffic
suppression configuration on GE0/0/1.
[SwitchA] display flow-suppression interface gigabitethernet 0/0/1
 storm type       rate mode    set rate value
-------------------------------------------------------------------------------
 unknown-unicast  percent      percent: 80%
 multicast        percent      percent: 80%
 broadcast        percent      percent: 80%
-------------------------------------------------------------------------------

----End

Configuration Files
Switch A configuration file
#
sysname SwitchA
#
interface GigabitEthernet0/0/1
 unicast-suppression 80
 multicast-suppression 80
 broadcast-suppression 80
#
return

6.10.2 Example for Configuring Storm Control

Networking Requirements
In Figure 6-4, Switch A is connected to a Layer 2 network and a Layer 3 router.
Switch A needs to be configured to prevent broadcast storms caused by a large
number of broadcast packets, unknown multicast packets, or unknown unicast
packets forwarded at Layer 2.


Figure 6-4 Networking diagram of storm control
[Figure: L2 network, GE0/0/1, Switch A, GE0/0/2, Router, L3 network]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure storm control in the interface view of GE0/0/1 to prevent broadcast
storms caused by a large number of broadcast packets, unknown multicast
packets, or unknown unicast packets forwarded at Layer 2.

Procedure
Step 1 Enter the interface view.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet0/0/1

Step 2 Configure storm control for broadcast packets.


[SwitchA-GigabitEthernet0/0/1] storm-control broadcast min-rate 1000 max-rate 2000

Step 3 Configure storm control for unknown multicast packets.


[SwitchA-GigabitEthernet0/0/1] storm-control multicast min-rate 1000 max-rate 2000

Step 4 Configure storm control for unknown unicast packets.


[SwitchA-GigabitEthernet0/0/1] storm-control unicast min-rate 1000 max-rate 2000

Step 5 Set the storm control action to block.


[SwitchA-GigabitEthernet0/0/1] storm-control action block

Step 6 Enable the system to record logs during storm control.


[SwitchA-GigabitEthernet0/0/1] storm-control enable log

Step 7 Set the detection interval.


[SwitchA-GigabitEthernet0/0/1] storm-control interval 90
[SwitchA-GigabitEthernet0/0/1] quit

Step 8 Verify the configuration.


Run the display storm-control interface command to view storm control
configuration on GE0/0/1.
[SwitchA] display storm-control interface gigabitethernet 0/0/1
--------------------------------------------------------------------------------
PortName   Type       Rate       Mode  Action  Punish-  Trap  Log  Int  Last-
                      (Min/Max)                Status                   Punish-Time
--------------------------------------------------------------------------------
GE0/0/1    Broadcast  1000       Pps   Block   Normal   Off   On   90   -
                      /2000
GE0/0/1    Multicast  1000       Pps   Block   Normal   Off   On   90   -
                      /2000
GE0/0/1    Unicast    1000       Pps   Block   Normal   Off   On   90   -
                      /2000
--------------------------------------------------------------------------------

----End

Configuration Files
Switch A configuration file
#
sysname SwitchA
#
interface GigabitEthernet0/0/1
 storm-control broadcast min-rate 1000 max-rate 2000
 storm-control multicast min-rate 1000 max-rate 2000
 storm-control unicast min-rate 1000 max-rate 2000
 storm-control interval 90
 storm-control action block
 storm-control enable log
#
return
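
An added example (not part of the Huawei guide): a Python check that reads a saved configuration in the layout of the configuration files above and reports interfaces that run against rules stated in this chapter, namely traffic suppression and storm control on the same packet type, storm control with logs and traps left at their disabled default, the error-down action without automatic recovery, and unicast settings that stop MAC-flapping-triggered suppression from applying. The sample configuration is constructed, the function names are hypothetical, and sections are assumed to be separated by # lines as in the files above.

```python
import re

PACKET_TYPES = ("broadcast", "multicast", "unicast")

# Constructed sample in the layout of the configuration files in this chapter.
SAMPLE_CONFIG = """
#
sysname SwitchA
#
interface GigabitEthernet0/0/1
 broadcast-suppression 80
 storm-control broadcast min-rate 1000 max-rate 2000
 storm-control action error-down
#
interface GigabitEthernet0/0/2
 unicast-suppression 80
 multicast-suppression block outbound
#
interface GigabitEthernet0/0/3
 storm-control multicast min-rate 1000 max-rate 2000
 storm-control action block
 storm-control enable log
#
return
"""


def parse_config(text):
    """Split a configuration file into global commands and per-interface commands."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                      # "#" closes the current section
            current = None
        elif not line or line == "return":
            continue
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is None:
            global_cmds.append(line)
        else:
            interfaces[current].append(line)
    return global_cmds, interfaces


def audit(text):
    """Return sorted (interface, finding) pairs for the rules stated in this chapter."""
    global_cmds, interfaces = parse_config(text)
    auto_recovery = any(
        c.startswith("error-down auto-recovery cause storm-control ")
        for c in global_cmds)
    findings = []
    for name, cmds in interfaces.items():
        storm = {t for t in PACKET_TYPES
                 if any(c.startswith(f"storm-control {t} ") for c in cmds)}
        # Inbound rate limits only; "<type>-suppression block outbound" is separate.
        limits = {}
        for c in cmds:
            m = re.match(r"(broadcast|multicast|unicast)-suppression (.+)", c)
            if m and m.group(2) != "block outbound":
                limits[m.group(1)] = m.group(2)
        # Either traffic suppression or storm control per packet type, not both.
        for t in sorted(storm & set(limits)):
            findings.append((name, f"{t}: both traffic suppression and storm control"))
        # Log record and alarm report are disabled by default (Table 6-4).
        if storm and not any(c.startswith("storm-control enable ") for c in cmds):
            findings.append((name, "storm control without log or trap"))
        # Without auto-recovery, Error-Down interfaces need manual recovery.
        if "storm-control action error-down" in cmds and not auto_recovery:
            findings.append((name, "error-down without auto-recovery"))
        # Assumption: any unicast limit other than the literal 100 counts as "not 100%".
        if "unicast" in storm or limits.get("unicast", "100") != "100":
            findings.append((name, "MAC-flapping-triggered suppression not applied"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```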

6.11 Troubleshooting Traffic Suppression and Storm Control

6.11.1 Broadcast Traffic Suppression Does Not Take Effect

Fault Description
After broadcast traffic suppression is configured on an interface, a broadcast
storm caused by broadcast packets still occurs and service traffic is interrupted.

Common Causes
This fault is commonly caused by one of the following:
● Broadcast suppression is not configured on interfaces, or the broadcast
suppression threshold is set too high.
● Broadcast packets are not discarded on the inbound interface.

NOTE

● Saving the results of each troubleshooting step is recommended so that, if the
troubleshooting fails to correct the fault, you can provide this information to technical
support personnel.
● Troubleshooting for unknown multicast and unknown unicast traffic suppression is
similar to that for broadcast traffic suppression.

Procedure
Step 1 Check that traffic suppression is correctly configured on the related interface.
Run the display flow-suppression interface interface-type interface-number
command in the user view to check whether the values of rate mode and set rate
value in the broadcast field are appropriate.


● If these values are inappropriate, run the broadcast-suppression { percent-value
| packets packets-per-second } command to change broadcast traffic
suppression parameters.
● If these values are appropriate, go to step 2.
Step 2 Check whether broadcast packets are being discarded in the inbound direction of
the interface.
Use the following methods to check whether broadcast packets are being
discarded in the inbound direction of the interface:
● Run the display interface interface-type interface-number command in the
user view to check whether the value of Input bandwidth utilization
changes significantly after traffic suppression is configured. Normally, after
traffic suppression is configured, bandwidth occupation on an interface
decreases if the interface is discarding excess packets. If the value of Input
bandwidth utilization does not change or changes only slightly, go to step 3.
● Add another interface (interface B) to the same VLAN as the interface
(interface A) that is configured with traffic suppression. Then check whether
the volume of the outgoing traffic on interface B is the same as the volume of
the traffic on interface A. If they are different, packets are not discarded in the
inbound direction of interface A. Go to step 3.
Step 3 Collect the following information and contact technical support personnel.
● Results of the preceding troubleshooting procedure
● Configuration file, logs, and alarms of the member switch

----End
