Devices Managed by FortiOS

Configuring storm control

Storm control uses the data rate (packets/sec, default 500) of the link to measure traffic activity, preventing traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port.

When the data rate exceeds the configured threshold, storm control drops excess traffic. You can configure the types of traffic to drop: broadcast, unknown unicast, or multicast. By default, these three types of traffic are not dropped.

To configure storm control for all switch ports (including both FortiLink ports and non-FortiLink ports) on the managed switches, use the following FortiOS CLI commands:

    config switch-controller storm-control
        set rate <rate>
        set unknown-unicast {enable | disable}
        set unknown-multicast {enable | disable}
        set broadcast {enable | disable}
    end

To configure storm control for a FortiSwitch port, use the FortiOS CLI to select the override storm-control-mode in the storm-control policy and then assign the storm-control policy to the FortiSwitch port.

    config switch-controller storm-control-policy
        edit <storm_control_policy_name>
            set description <description_of_the_storm_control_policy>
            set storm-control-mode override
            set rate <1-10000000 or 0 to drop all packets>
            set unknown-unicast {enable | disable}
            set unknown-multicast {enable | disable}
            set broadcast {enable | disable}
        next
    end

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit port5
                    set storm-control-policy <storm_control_policy_name>
                next
            end
        next
    end

For example:

    config switch-controller storm-control-policy
        edit stormpol1
            set description "storm control policy for port 5"
            set storm-control-mode override
            set rate 1000
            set unknown-unicast enable
            set unknown-multicast enable
            set broadcast enable
        next
    end

    config switch-controller managed-switch
        edit S524DF4K15000024
            config ports
                edit port5
                    set storm-control-policy stormpol1
                next
            end
        next
    end
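To check a configuration backup against the settings described above, the following added example (not part of the Fortinet documentation or tooling) parses the nested config/edit/set syntax and reports, for each managed-switch port, which traffic types storm control will actually drop. It assumes that a port without an override-mode policy uses the global storm-control settings; the policy name rateonly, port6 and the sample text are constructed.

```python
import shlex

TYPES = ("broadcast", "unknown-unicast", "unknown-multicast")
# Constructed sample config (not from a real device), in the syntax shown above.
SAMPLE = """config switch-controller storm-control
    set broadcast enable
end
config switch-controller storm-control-policy
    edit rateonly
        set storm-control-mode override
        set rate 1000
    next
end
config switch-controller managed-switch
    edit S524DF4K15000024
        config ports
            edit port5
                set storm-control-policy rateonly
            next
            edit port6
            next
        end
    next
end"""

def parse(text):
    """Map every config/edit path to the dict of its 'set' values."""
    path, out = [], {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
            out.setdefault(tuple(path), {})
        elif tok[0] in ("next", "end") and path:
            path.pop()
        elif tok[0] == "set":
            out.setdefault(tuple(path), {})[tok[1]] = " ".join(tok[2:])
    return out

def audit(text):
    """Return {(switch, port): [traffic types storm control will drop]}."""
    cfg, result, sc = parse(text), {}, "switch-controller "
    glob = cfg.get((sc + "storm-control",), {})
    for path, port in cfg.items():
        if len(path) == 4 and path[0] == sc + "managed-switch" and path[2] == "ports":
            pol = cfg.get((sc + "storm-control-policy", port.get("storm-control-policy")), {})
            # Assumption: only an override-mode policy replaces the global settings.
            eff = pol if pol.get("storm-control-mode") == "override" else glob
            result[path[1], path[3]] = [t for t in TYPES if eff.get(t) == "enable"]
    return result
```

An empty list for a port means storm control drops nothing there, which is the result when a policy sets a rate but leaves all three traffic types at their default of disabled.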
