UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Cisco switch must have Storm Control configured on all host-facing switchports.


Overview

Finding ID Version Rule ID IA Controls Severity
V-220636 CISC-L2-000160 SV-220636r648763_rule Low
Description
A traffic storm occurs when packets flood a LAN, creating excessive traffic and degrading network performance. Traffic storm control prevents network disruption by suppressing ingress traffic when the number of packets reaches a configured threshold levels. Traffic storm control monitors ingress traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.
STIG Date
Cisco IOS Switch L2S Security Technical Implementation Guide 2023-09-14

Details

Check Text ( C-22351r648761_chk )
Review the switch configuration to verify that storm control is enabled on all host-facing interfaces as shown in the example below:

interface GigabitEthernet0/3
switchport access vlan 12
storm-control unicast level bps 62000000
storm-control broadcast level bps 20000000

Note: Bandwidth percentage thresholds (via level parameter) can be used in lieu of PPS rate.

If storm control is not enabled at a minimum for broadcast traffic, this is a finding.
Fix Text (F-22340r648762_fix)
Configure storm control for each host-facing interface as shown in the example below:

SW1(config)#int range g0/2 - 8
SW1(config-if-range)#storm-control unicast bps 62000000
SW1(config-if-range)#storm-control broadcast level bps 20000000


Note: The acceptable range is 10000000 -1000000000 for a gigabit Ethernet interface, and 100000000-10000000000 for a 10-gigabit interface. Storm control is not supported on most FastEthernet interfaces.