Question: What is storm control on the Mobility Access Switch, and what is the recommended best-practice configuration?
Storm control protects interfaces from disruption by guarding against excessive ingress rates of unknown-unicast, multicast, and broadcast traffic.
The function is configured under the switching profile. The example below allows only 50% of the interface speed to be used for unknown-unicast, broadcast and multicast traffic.
Storm control prevents LAN interfaces from being disrupted by a broadcast storm. A broadcast storm occurs when broadcast packets flood the subnet, creating excessive traffic and degrading network performance. Although most protocols generally take care of loop prevention (e.g. STP, RSTP), a rogue switch can easily generate traffic storms and bring down a network. There is therefore a need to prevent these broadcast storms.
(host) (config) #interface-profile switching-profile STORM_CONTROL
(host) (switching profile "STORM_CONTROL") #storm-control-bandwidth 50
(host) (switching profile "STORM_CONTROL") #storm-control-unknown-unicast
(host) (switching profile "STORM_CONTROL") #storm-control-multicast
(host) (switching profile "STORM_CONTROL") #storm-control-broadcast
(host) (config) #interface gigabitethernet 0/0/20
(host) (gigabitethernet "0/0/20") #switching-profile STORM_CONTROL
1. If the rate is set at 50% with unknown-unicast and broadcast enabled, what is the actual rate when storm control starts to drop the packets?
For example, if we have 40% of unknown-unicast and 20% of broadcast traffic incoming, will storm control be activated (since the combined total = 60%)? Or is EACH type of traffic storm-controlled individually (so storm control will not activate until either traffic type exceeds 50% individually)?
Each type of traffic is controlled individually, so storm control will not activate until either traffic type exceeds 50% individually.
2. Per default interface-profile, storm control is already enabled at 50% for both unknown unicast and broadcast - just wanted to confirm.
Yes, storm control is enabled by default for unknown unicast and broadcast at 50%.
3. As storm control is hardware based, does this mean CLI configuration will match exactly to the bandwidth or is there any +/- 1 - 2% error due to configuration-to-hardware mapping?
We saw +/-3% deviation from the expected rate.
4. The bandwidth percent is based on the "negotiated speed" of the interface (for example, gigabitethernet 0/0/0 connected to a fastethernet device runs at 100Mbps, so if the percentage is set to 50%, this should be 50Mbps and not 500Mbps).
Yes. The bandwidth percent is based on the "negotiated speed" of the interface.
Default configuration on the box:
(10.16.56.71) #show interface-profile switching-profile default
switching profile "default"
Switchport mode access
Access mode VLAN 1
Trunk mode native VLAN 1
Enable broadcast traffic rate limiting Enabled
Enable multicast traffic rate limiting Disabled
Enable unknown unicast traffic rate limiting Enabled
Max allowed rate limit traffic on port in percentage 50
Trunk mode allowed VLANs 1-4094
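The following Python sketch is an added example, not part of the original article or of any vendor tooling. It parses the profile output shown above and applies the two rules from the answers: the limit follows the negotiated speed, and each traffic type is checked individually. The function names and the label/value line layout are assumptions taken from the output as it appears on this page.

```python
import re

# Constructed sample: the "show interface-profile switching-profile default"
# output as it appears on this page (label followed by value).
SAMPLE = """\
switching profile "default"
Switchport mode access
Access mode VLAN 1
Trunk mode native VLAN 1
Enable broadcast traffic rate limiting Enabled
Enable multicast traffic rate limiting Disabled
Enable unknown unicast traffic rate limiting Enabled
Max allowed rate limit traffic on port in percentage 50
Trunk mode allowed VLANs 1-4094
"""

ENABLE_RE = re.compile(
    r"^Enable (broadcast|multicast|unknown unicast) traffic rate limiting\s+(Enabled|Disabled)$")
PCT_RE = re.compile(r"^Max allowed rate limit traffic on port in percentage\s+(\d+)$")

def parse_profile(text):
    """Return ({traffic_type: enabled}, percent) from the show output."""
    enabled, percent = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := ENABLE_RE.match(line):
            enabled[m.group(1)] = m.group(2) == "Enabled"
        elif m := PCT_RE.match(line):
            percent = int(m.group(1))
    if percent is None or len(enabled) != 3:
        raise ValueError("storm-control fields missing from profile output")
    return enabled, percent

def limit_mbps(percent, negotiated_mbps):
    """Nominal threshold; it follows the negotiated speed, not the port maximum.
    The article reports about +/-3% deviation from this value in practice."""
    return negotiated_mbps * percent / 100

def dropped_types(enabled, percent, ingress_pct):
    """Each traffic type is compared to the limit on its own, never summed."""
    return sorted(t for t, load in ingress_pct.items()
                  if enabled.get(t) and load > percent)

if __name__ == "__main__":
    enabled, pct = parse_profile(SAMPLE)
    print(enabled, pct, limit_mbps(pct, 100))
    # Scenario from question 1: 40% unknown unicast + 20% broadcast.
    print(dropped_types(enabled, pct, {"unknown unicast": 40, "broadcast": 20}))
    # Multicast is not rate limited in the default profile, so only broadcast trips.
    print(dropped_types(enabled, pct, {"multicast": 80, "broadcast": 55}))
```

With the default profile, the 40% plus 20% scenario from question 1 trips nothing, while 80% multicast passes unchecked because multicast rate limiting is disabled by default.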