In Cisco ACI, Storm Control is a feature used to mitigate traffic storms caused by excessive broadcast, multicast, or unknown unicast traffic. It can be configured with two types of actions: Drop and Shutdown.
⚙️ Storm Control Actions in Cisco ACI
1. Drop
(Default Action)
- When traffic exceeds the configured
threshold (either in packets per second or percentage of bandwidth), the
excess traffic is dropped.
- The port remains up and
operational.
- This is a non-disruptive method
to suppress storm traffic.
- Suitable for most environments where you want to limit traffic without affecting port availability
2. Shutdown
- When traffic exceeds the threshold:
- Traffic is dropped for a soaking
interval (default: 3 seconds).
- If the storm persists, the port
is administratively shut down at the end of the interval.
- You can configure the soaking interval
between 3 to 10 seconds.
- This action is more aggressive and is used when dropping traffic alone is insufficient to protect the network
🔍 Behavioral Differences
Feature |
Drop |
Shutdown |
Traffic Handling |
Drops excess traffic |
Drops traffic, then
shuts down port |
Port Status |
Remains up |
Goes down if storm
persists |
Faults/Traps |
Can raise SNMP traps |
Interface traps
raised; storm traps may be unreliable 1 |
Use Case |
Mild suppression |
Severe storm
mitigation |
🛠️ Configuration Notes
- Storm Control is configured via Access
Policies in ACI:
- Fabric > Access Policies >
Interface > Storm Control
- You can apply it to:
- Physical interfaces
- Port channels
- Monitoring policies can be added to raise
alerts when thresholds are exceeded