GWN78xx - Storm Control Configuration

Overview

Storm control is a security feature in GWN78xx switches designed to prevent broadcast, multicast, and unicast storms that could potentially lead to network congestion.

When configured, storm control monitors the traffic levels on each interface and, if the incoming traffic surpasses a predefined threshold, it takes action to prevent network disruption. The switch can drop, disable, or rate-limit the excess traffic on a specific interface. This helps prevent scenarios where a high volume of broadcast or multicast traffic, such as during a broadcast storm, negatively impacts network performance by consuming excessive bandwidth and causing network congestion.

Storm control

In this guide, we will explore how we can configure storm control on the GWN78xx network switch.

How Storm Control works

The GWN78xx supports storm control for three types of traffic: broadcast, unicast, and multicast.

The way it works is simple. During a detection interval, the GWN78xx monitors the average rate of each of the three packet types received on the interface and compares it with the maximum threshold set in the storm control configuration section. When the packet rate is greater than the configured maximum threshold, the device performs a storm control action: it either drops the incoming packets beyond the threshold, or disables the port on which the storm was detected.

  • Dropping the packets: When the average rate of packets received on the interface exceeds the specified maximum threshold, storm control drops the packets beyond the threshold.
  • Disabling the port: If incoming packets on that specific port exceed the threshold, the interface goes down, and you need to manually run the command to bring the interface back up.
Process of Disabling/Dropping Packets

Configuration Example

In this example, we will configure storm control on the GWN78xx to prevent traffic storms that can be created by connected devices that send constant broadcast messages and risk flooding the network. The broadcast messages can be, for example, ARP broadcasts sent by a network printer to other connected devices on the network.

We will also set traffic suppression for unknown multicast traffic coming from a connected laptop that might be sending multicast traffic to other connected hosts, to prevent the endpoints from being overwhelmed with multicast traffic.

  • The network printer is connected on interface 1/0/2
  • The Laptop will be connected on interface 1/0/7

Please refer to the below topology for more clarity on the setup:

Topology set up

Limiting Broadcast Traffic

To limit broadcast traffic on port 1/0/2, where a network printer will be connected, please follow the below steps:

  • Go to Security => Storm Control
  • Set the Unit for calculating the threshold to packets per second (pps)
  • To avoid packet collisions, we will include the Inter-Frame Gap (IFG), which is a brief period of time between the transmission of two frames
  • Select Port 1/0/2, and click to edit the port
  • Enable storm control, and then enable Broadcast control
  • Set the threshold to 100 pps
  • Set the action to Drop. This means that if the broadcast packets per second exceed 100 on the 1/0/2 interface, the exceeding packets will be dropped to prevent network congestion.
  • Click OK, then save to save the configuration.

Limiting Unknown Multicast traffic

This time, we will limit the unknown multicast traffic coming from interface 1/0/7, where a laptop will be connected. If the laptop sends excessive unknown multicast traffic, the port will be disabled. To configure this:

  • Go to Security => Storm control
  • Set Unit to pps, and include Inter-Frame Gap (IFG)
  • Select Port 1/0/7, and click to edit the port
  • Enable storm control on the 1/0/7 interface, then enable Unknown multicast control
  • Set the threshold to 100 pps
  • Set the action to Disable. This means that the port will be disabled if unknown multicast traffic exceeds 100 pps.
  • Click OK, then save to save the configuration.

After both configurations are completed:

  • If broadcast messages coming from the network printer connected on interface 1/0/2 exceed 100 packets per second, the rest of the broadcast messages will be dropped; however, the network printer will still be connected.
  • If the connected laptop on interface 1/0/7 sends unknown multicast traffic that exceeds 100 packets per second to the network, then the port will be disabled, and the laptop will lose access to the network.
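
The outcome described above can be reproduced with a small model of the two ports. This is an added example, not Grandstream firmware or CLI code: the `Port` class, the 1-second detection interval, the per-frame counting and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(dst_mac, known_groups=frozenset()):
    """Bucket a frame by destination MAC into the classes storm control polices."""
    mac = dst_mac.lower()
    if mac == BROADCAST:
        return "broadcast"
    if int(mac.split(":")[0], 16) & 1:          # I/G bit set: group address
        return "multicast" if mac in known_groups else "unknown_multicast"
    return "unicast"

@dataclass
class Port:                                      # hypothetical model of one interface
    name: str
    policed: str                                 # traffic class under storm control
    threshold_pps: int
    action: str                                  # "drop" or "disable"
    up: bool = True
    forwarded: int = 0
    dropped: int = 0

    def receive_interval(self, dst_macs, seconds=1):
        """Apply storm control to the frames seen in one detection interval."""
        budget = self.threshold_pps * seconds
        seen = 0
        for mac in dst_macs:
            if not self.up:                      # port is down: nothing gets through
                self.dropped += 1
                continue
            if classify(mac) == self.policed:
                seen += 1
                if seen > budget:
                    if self.action == "disable":
                        self.up = False          # stays down until manually re-enabled
                    self.dropped += 1
                    continue
            self.forwarded += 1                  # other classes are not policed here

def simulate():
    # Constructed traffic: the printer sends 250 broadcasts and 20 unicast frames,
    # the laptop sends 150 frames to an unlearned multicast group and 20 unicast frames.
    printer = Port("1/0/2", "broadcast", 100, "drop")
    laptop = Port("1/0/7", "unknown_multicast", 100, "disable")
    unicast = ["02:00:00:00:00:01"] * 20
    printer.receive_interval([BROADCAST] * 250 + unicast)
    laptop.receive_interval(["01:00:5e:01:02:03"] * 150 + unicast)
    laptop.receive_interval(unicast)             # next interval: port is still down
    return printer, laptop
```

With Drop, the printer's port stays up and its unicast traffic is unaffected; with Disable, the laptop loses all traffic, including unicast, from the moment the threshold is crossed.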

Supported devices

| Device Name | Supported | Firmware Required |
|---|---|---|
| GWN7801 | Yes | 1.0.3.19 or higher |
| GWN7801P | Yes | 1.0.3.19 or higher |
| GWN7802 | Yes | 1.0.3.19 or higher |
| GWN7802P | Yes | 1.0.3.19 or higher |
| GWN7803 | Yes | 1.0.3.19 or higher |
| GWN7803P | Yes | 1.0.3.19 or higher |
| GWN7811 | Yes | 1.0.1.8 or higher |
| GWN7811P | Yes | 1.0.1.8 or higher |
| GWN7812P | Yes | 1.0.1.8 or higher |
| GWN7813 | Yes | 1.0.1.8 or higher |
| GWN7813P | Yes | 1.0.1.8 or higher |
| GWN7806 | Yes | 1.0.1.14 or higher |
| GWN7806P | Yes | 1.0.1.14 or higher |
| GWN7816 | Yes | 1.0.3.8 or higher |
| GWN7816P | Yes | 1.0.3.8 or higher |
| GWN7830 | Yes | 1.0.3.3 or higher |
| GWN7831 | Yes | 1.0.3.3 or higher |
| GWN7832 | Yes | 1.0.3.3 or higher |

List of supported devices

