Using QoS policy-based storm protection
Configuration To use storm protection:
Protecting the network
Products
Software Versions
2.8.1 and later
1.Turn on the switch enhanced mode qoscounters, unless it is already enabled. After this, you need to restart the switch.
2.Create a classifier to match the desired traffic. To match all broadcast packets specify a destination MAC address of
3.Create a QoS traffic class and define the following storm protection settings in it:
z Window (stormwindow) specifies how often the switch measures traffic to decide whether to activate storm protection (in seconds).
z Rate (stormrate) specifies the amount of traffic per second that must be exceeded before the switch takes action.
z Action (stormaction) specifies what the switch does when it detects a storm: Link Down (linkdown) makes the switch physically disable the port on which the storm is occurring, so that the link goes down.
Port Disable (portdisable) makes the switch logically disable the port on which the storm is occurring, leaving the link up.
VLAN Disable (vlandisable) makes the switch block traffic only on the VLAN on which the storm is occurring.
z Timeout (stormtimeout) specifies the number of seconds that the port remains disabled for.
4.Create the rest of the QoS framework: a flow group and policy. Add the classifier to the flow group, the flow group to the traffic class, and the traffic class to the policy.
5.Apply the
The procedure above applies storm protection to classified traffic, and uses a classifier to select all broadcast traffic. This is the most common approach. If you want to, you can instead classify to select important
To apply storm protection to unclassified traffic, configure storm protection on the default traffic class in the QoS policy settings. Use the parameters dtcstormwindow, dtcstormrate, dtcstormaction, and dtcstormtimeout.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches | 5 |