Hey guys,
Can some of you shed some light on these two topics. If I have storm control, if there a need for STP at all? I know Storm Control does not block STP packets, etc. But does it replace it?
There has got to be something I am missing here ??? ???
Storm control mitigates flooding. It doesn't stop loops
but dont all l2 loops cause broadcast storms?
If STP isn't stopping it yes.
However not all flooding is because of loops.
I have seen a PC go crazy and just send out butt loads of broadcast traffic, and cause some real issues.
yep good old intel nic ipv6 ND spam (seen it twice!). THe best one I saw sent the traffic to a WLC which then used multicast - unicast replication and tried to send it to all hundred WAPs as a unicast. LOL
unless you use some specific broadcast/multicast app in your network that requires silly bandwidth its usually safe to just shove a 10% limit on all standard user ports, probably safe to go lower
Quote from: dlots on March 09, 2017, 03:08:02 PM
I have seen a PC go crazy and just send out butt loads of broadcast traffic, and cause some real issues.
PC's, printers, phones, etc. I recommend both bpduguard and storm-control on all your client access ports, as well as additional port-security parameters (max # of MAC's, etc.)
Quote from: wintermute000 on March 09, 2017, 02:49:31 PM
Storm control mitigates flooding. It doesn't stop loops
3 types of flooding for storm control
broadcast
multicast
unicast
write up here
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_storm.html
http://www.netcraftsmen.com/understanding-cisco-traffic-storm-control/
Quote from: wintermute000 on March 09, 2017, 03:47:40 PM
yep good old intel nic ipv6 ND spam (seen it twice!). THe best one I saw sent the traffic to a WLC which then used multicast - unicast replication and tried to send it to all hundred WAPs as a unicast. LOL
Yep seen this as recently as this last summer. That network now has full storm control policies in place lol.