Configure Firewall Policy Storm Control

About this task

The firewall maintains a facility to control packet storms. Storms are packet bombardments that exceed the high threshold value configured for an interface. During a storm, packets are throttled until the rate falls below the configured rate, severely impacting performance for the site manager interface. Thresholds are configured in terms of packets per second.

To define a storm control configuration for a Firewall policy:

Procedure

  1. Go to Policies > Firewall > Firewall Policy > Storm Control.
  2. Select Add to create new storm control policy settings.
    | Setting | Description |
    |---|---|
    | Traffic Type | Use the drop-down list box to select the traffic type to which the Storm Control configuration applies. Options include ARP, Broadcast, Multicast, and Unicast. |
    | Interface Type | Use the drop-down list box to select the interface type to which the Storm Control configuration is applied. Only the specified interface uses the defined filtering criteria. Options include Ethernet, WLAN, and Port Channel. |
    | Interface Name | Use the drop-down list box to refine the interface selection to a specific WLAN or physical port. This helps with threshold configuration for potentially impacted interfaces. |
    | Packets per Second | Type a value or use the spinner control to set the packets-per-second threshold, from 1 to 1,000,0000. |
  3. Select Add to save storm control settings.
  4. Select Add to create new storm control logging settings.
    | Setting | Description |
    |---|---|
    | Traffic Type | Use the drop-down list box to select the traffic type to which the Storm Control logging configuration applies. Options include ARP, Broadcast, Multicast, and Unicast. |
    | Logging | Select the standard log level used if a Storm Control attack is detected. |
  5. Select to delete existing settings.
  6. Select Add to create more storm control settings and logging settings.
  7. Select Save to update storm control configuration.
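
The following added example (not code from the firewall or its vendor) illustrates the threshold idea from "About this task": it sorts frames into the four traffic types and reports each one-second window in which an interface exceeds its configured packets-per-second value. The interface name `ge1`, the one-second bucketing, the ARP-first classification order, and the sample frames are assumptions constructed for illustration.

```python
from collections import Counter

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def classify(dst_mac, ethertype):
    """Map a frame to one of the four traffic types named in the settings table.
    Assumption: ARP is checked first, so a broadcast ARP request counts as ARP."""
    if ethertype == ETHERTYPE_ARP:
        return "ARP"
    if dst_mac.lower() == BROADCAST_MAC:
        return "Broadcast"
    # The least-significant bit of the first octet marks a group (multicast) address.
    if int(dst_mac.split(":")[0], 16) & 1:
        return "Multicast"
    return "Unicast"

def find_storms(frames, thresholds):
    """frames: iterable of (timestamp_seconds, interface, dst_mac, ethertype).
    thresholds: {(interface, traffic_type): packets_per_second}.
    Returns a sorted list of (second, interface, traffic_type, count) for every
    one-second window whose count exceeds the configured threshold."""
    counts = Counter()
    for ts, iface, dst, etype in frames:
        counts[(int(ts), iface, classify(dst, etype))] += 1
    storms = []
    for (sec, iface, ttype), n in counts.items():
        limit = thresholds.get((iface, ttype))
        if limit is not None and n > limit:  # no entry means no storm control
            storms.append((sec, iface, ttype, n))
    return sorted(storms)

# Constructed sample data: thresholds for a hypothetical Ethernet port "ge1".
SAMPLE_THRESHOLDS = {("ge1", "Broadcast"): 100, ("ge1", "ARP"): 50}
SAMPLE_FRAMES = (
    [(10.0 + i / 1000, "ge1", "ff:ff:ff:ff:ff:ff", 0x0800) for i in range(150)]
    + [(10.5 + i / 1000, "ge1", "ff:ff:ff:ff:ff:ff", 0x0806) for i in range(40)]
    + [(11.0 + i / 1000, "ge1", "ff:ff:ff:ff:ff:ff", 0x0806) for i in range(60)]
    + [(10.0 + i / 1000, "ge1", "00:11:22:33:44:55", 0x0800) for i in range(500)]
)

if __name__ == "__main__":
    for sec, iface, ttype, n in find_storms(SAMPLE_FRAMES, SAMPLE_THRESHOLDS):
        print(f"t={sec}s {iface} {ttype}: {n} pps exceeds threshold")
```

Running the same counting over a capture of normal traffic gives a per-type baseline from which to choose the Packets per Second value for each interface.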