Storm control

Storm control protects a LAN from disruption by traffic storms, which stem from mistakes in network configuration or denial-of-service attacks. A traffic storm, which may consist of broadcast, multicast, or unicast traffic, creates excessive traffic on the LAN and degrades network performance.

By default, storm control is disabled on a FortiSwitch unit. When enabled, it measures the data rate (in packets per second) for unknown unicast, unknown multicast, and broadcast traffic. You can enable and disable storm control for each of these traffic types individually. If the traffic rate for any of the types exceeds the configured threshold, the FortiSwitch unit drops the excess traffic.

By default, storm control configuration is global. Starting in FortiSwitchOS 6.2.0, you can also configure storm control at the port level.

This chapter covers the following topics:

Configuring system-wide storm control

If you set the rate to zero, the system drops all packets (for the enabled traffic types).

Using the GUI:
  1. Go to Switch > Storm Control.
  2. Select Restrict Traffic.
  3. Select Broadcast, Unknown Unicast, and Unknown Multicast as required.
  4. Select the action to take, either Drop Packets or Rate Limit.
  5. If you selected Rate Limit, enter the number of packets per second.
  6. Select Update to save the changes.

Using the CLI:

config switch storm-control
    set rate [0 | 2-10000000]
    set unknown-unicast {enable | disable}
    set unknown-mcast {enable | disable}
    set broadcast {enable | disable}
end

Configuring port-level storm control

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select a port and then select Edit.
  3. In the Storm Control area, select Configure Manually.
  4. Select one or more of the packet types: Broadcast, Unknown Multicast, and Unknown Unicast.
  5. Select the action to take, either Drop Packets or Rate Limit.
  6. If you selected Rate Limit, enter the number of packets per second.
  7. Select Update to save the changes.

Using the CLI:

config switch physical-port
    edit <port_name>
        set storm-control-mode override
        config storm-control
            set broadcast {enable | disable}
            set rate [0 | 2-10000000]
            set unknown-multicast {enable | disable}
            set unknown-unicast {enable | disable}
        end
end

Displaying the storm-control configuration

Use the following command to display the system-wide storm-control configuration:

get switch storm-control
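
The following is an added example, not Fortinet code: a small Python audit that reads a configuration written in the config/edit/set/end syntax shown above and flags scopes where a rate of 0 drops all enabled traffic types, or where no traffic type is enabled. The sample configuration, the `next` lines, the function names, and the treatment of unset traffic types as disabled are assumptions.

```python
TYPES = ("broadcast", "unknown-unicast", "unknown-multicast")
# Constructed sample in the CLI syntax shown on this page (not captured from a device).
SAMPLE = """\
config switch storm-control
    set rate 500
    set unknown-mcast enable
end
config switch physical-port
    edit port1
        set storm-control-mode override
        config storm-control
            set broadcast enable
            set rate 0
        end
    next
    edit port2
        set storm-control-mode override
    next
end
"""

def parse(text):
    """Return {scope: settings}; scope is 'system-wide' or a port name."""
    cfg, stack, cur = {"system-wide": {}}, [], None
    for w in filter(None, map(str.split, text.splitlines())):
        if w[0] == "config":
            stack.append(" ".join(w[1:]))
            cur = cfg["system-wide"] if stack == ["switch storm-control"] else cur
        elif w[0] == "end" and stack:
            stack.pop()
            cur = cur if stack else None  # leaving a top-level block closes the scope
        elif w[0] == "edit" and stack == ["switch physical-port"] and len(w) > 1:
            cur = cfg.setdefault(w[1].strip('"'), {})
        elif w[0] == "set" and len(w) > 2 and cur is not None:
            # The page spells the multicast key both ways; store one spelling.
            cur[w[1].replace("unknown-mcast", "unknown-multicast")] = w[2]
    return cfg

def audit(text):
    """Return (scope, finding) pairs; unset traffic types count as disabled (assumption)."""
    findings = []
    for scope, s in parse(text).items():
        if scope != "system-wide" and s.get("storm-control-mode") != "override":
            continue  # assumption: a port without override follows the system-wide settings
        on = [t for t in TYPES if s.get(t) == "enable"]
        if not on:
            findings.append((scope, "off: no traffic type enabled"))
        elif s.get("rate") == "0":
            findings.append((scope, "rate 0 drops all " + ", ".join(on)))
    return findings
```

Calling `audit(SAMPLE)` reports port1 (rate 0 with broadcast enabled) and port2 (override set, but no traffic type enabled).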
