Storm Control
Storm Control limits the rates of unknown unicast packets, broadcast packets and/or unknown multicast packets.
The default limit is 500 packets/second, but storm control is disabled by default. If the traffic rate for any of the types exceeds the configured threshold, the FortiSwitch unit drops the excess traffic.
Only packets that fall into these traffic types are blocked. All other packets are forwarded normally on the switch port.
By default, storm control is disabled on the mclag-icl, isl and fortilink connections. It's possible to define a global storm control policy or a per-port storm control policy. The preferred way is to enable storm-control only on client edge ports. The "Edge-Port" storm-control-policy is already assigned to all access ports by default. By default, the Edge-Port storm-control policy uses the global storm-control settings.
Changing the global storm-control-policy will enable storm-control on all ports that are not ICL, ISL or FortiLink ports.
Storm-control is implemented in hardware, so there are no logs to indicate traffic dropped by storm-control.
To verify that it's working, add a PDISC hardware counter:
FSW# diagnose switch physical-ports hw-counter add rx 4 PDISC port2
To check the counters:
FSW# diagnose switch physical-ports hw-counter show rx port2
The PDISC counter will show the dropped packets.
Storm control types
unknown-unicast: Unicast destination MAC is not in MAC table
unknown-multicast: Multicast destination MAC is not in MAC table
broadcast: Broadcast packets
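The classification and drop behavior described on this page can be modeled in a few lines of Python. This is an added example, not FortiSwitch code: it assumes a fixed one-second counting window and a separate count per traffic type, and the names classify, storm_control and demo as well as all MAC addresses and frame counts are constructed for illustration.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
ALL_TYPES = ("broadcast", "unknown-multicast", "unknown-unicast")

def classify(dst_mac, mac_table):
    """Return the storm-control type of a destination MAC, or None if exempt."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    if dst in mac_table:
        return None  # known destination: never rate limited
    # I/G bit (lowest bit of the first octet) set means a group (multicast) address.
    is_group = int(dst.split(":")[0], 16) & 1
    return "unknown-multicast" if is_group else "unknown-unicast"

def storm_control(frames, mac_table, rate=500, enabled=ALL_TYPES):
    """frames: time-ordered (timestamp_seconds, dst_mac) pairs.
    Returns (forwarded, dropped) Counters keyed by traffic type."""
    forwarded, dropped = Counter(), Counter()
    window, seen = None, Counter()
    for ts, dst in frames:
        kind = classify(dst, mac_table)
        if kind is None or kind not in enabled:
            forwarded[kind or "other"] += 1
            continue
        if int(ts) != window:  # assumed model: counts reset every second
            window, seen = int(ts), Counter()
        seen[kind] += 1
        if seen[kind] <= rate:
            forwarded[kind] += 1
        else:
            dropped[kind] += 1  # the kind of drop a PDISC counter would expose
    return forwarded, dropped

def demo():
    """Constructed traffic: a broadcast burst mixed with normal frames."""
    known = "00:11:22:33:44:55"
    frames = [(i / 2000, BROADCAST) for i in range(1200)]       # second 0
    frames += [(0.7, "00:aa:bb:cc:dd:ee")] * 300                # unknown unicast
    frames += [(0.8, known)] * 800                              # known unicast
    frames += [(1.0 + i / 1000, BROADCAST) for i in range(600)] # second 1
    frames += [(1.9, "01:00:5e:00:00:fb")] * 10                 # unknown multicast
    return storm_control(frames, mac_table={known}, rate=500)

if __name__ == "__main__":
    fwd, drop = demo()
    print("forwarded:", dict(fwd))
    print("dropped:  ", dict(drop))
```

In the constructed run only the broadcast bursts exceed 500 packets/second, so the 800 known-unicast frames and the below-threshold unknown-unicast and unknown-multicast frames are all forwarded.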
Source: https://community.fortinet.com/t5/FortiSwitch/Troubleshooting-Tip-How-to-verify-working-of-storm-control/ta-p/225109