Configuring SG300s to localize Data/Broadcast Storms

mda (2[H]4U, joined Mar 23, 2011, 2,187 messages)
Hi all,

I'd like to seek your help in configuring our "core" Cisco SG300 switches to prevent flooding/broadcast storms from taking down the network. I know these are entry-grade switches for most of you, but this is a big step up from our 10/100 unmanaged switches :D

Our basic layout is the following:
Internet <--> Router/Firewall <--> SG300 <--> Servers, APs and other 2 SG300s <--> all other unmanaged switches

Configuration is very minimal, with the exception of a few VLANs set up for wifi users and UniFi (thanks to the people on this forum for helping me out with that!). The entirety of the network is on the untagged VLAN and only some of the SSIDs are on separate tagged VLANs.

What will I need to configure in our 3 SG300s so that the flooding/storms become localized and will be easier to track down based on which group loses connectivity? As it is, my entire network goes down and I'm not quite sure where to start troubleshooting because all the ports are down and nothing short of manual port trial and error will work.

Last week it was users randomly plugging in ports that caused a loop. This week it was an old router used as a print server that magically had its DHCP turn on and froze the network. Looking to put a stop to this. If only one port on any of the switches lost connection, I'd easily have been able to track down the offending device after a 10 minute troubleshoot.

Thanks!
 

mda
Thanks! I read that yesterday, but was not sure what to set it to in order to fix my problems.

What's a good rate threshold to set? How will this impact my day-to-day operations, and is there anything I should be watching out for? (I.e., is there any instance where this will cause other 'normal' network operations to fail?)
 

bman212121 ([H]ard|Gawd, joined Aug 18, 2011, 1,815 messages)
So you actually have a few things going on here.

Network loops should be solved by using spanning tree.
https://www.cisco.com/c/en/us/suppo...protocol-rstp-configuration-on-the-300-s.html

Obviously that's not going to be a fix for unmanaged switches being plugged into unmanaged switches, but if you do it on the SG300s it should be able to detect it. I would guess if you caused a loop on an unmanaged switch between two SG300s, they can probably detect that as well.

For the DHCP portion, there's not a lot you can do about it on each VLAN, since it's local broadcast traffic. You'd need something capable of filtering between ports, which I'm sure an SG300 isn't capable of. The easiest solution to this is to just put this "Print Server" onto its own VLAN. Then it doesn't matter what someone does with it; it can't harm anything else on the network.

It sounds like you just need to start actually breaking things off into VLANs, and that will cut down any broadcast storms and localize them. Obviously you REALLY need to get rid of ANY unmanaged switches. Even if you can't afford to plop down new SG300s, there are some very affordable SOHO ones that would allow you to separate out traffic. I have one of these little 8 port DLinks and it plays nice with an Edgerouter and UAP Lite AP. https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I

Right in the description it states "Loopback detection and broadcast Storm control to avoid network downtime", so you could potentially read how to set it up on these as well. I'm assuming turning on the setting Eickst mentioned will fix that for the managed switches, but you want to come up with a solution for those other switches. The real fix is just to get everything as SG300s and get the cables run back to a common area, but we're all aware it's not always that easy to do.


EDIT: I had typed up another blurb about storm control, but I'm not sure where it went. In any case, consider using RSTP for fixing loopback issues. Storm control is really more about bad services, and I would say if you want to configure it, just follow their example. 5 Mbps should be more than enough for any sane device. That said, if you're hanging 24-port unmanaged switches off a single managed port, you very well could hit that threshold and start dropping legitimate data.

You really just need to get VLANs down to a manageable size, where troubleshooting a single broken VLAN won't take all day. In your case, if you have say 100 computers, you might be fine with making 10 VLANs and only having 10 devices on each. In a larger network it might make sense to go up to something like 25 devices per VLAN. IMO 50 is about the limit you ever really want to have, because beyond that bad actors like Chromecasts and Apple devices running Bonjour can adversely impact your network and start making things not work.

Most people today are moving toward client isolation, where no devices can see each other. I'm fairly positive an SG300 doesn't have that capability, but something like a managed Ubiquiti switch or a Meraki switch might.

Keep in mind storm control can break legitimate services. The most common is network cloning programs like Symantec Ghost. Those depend upon being able to send multicast or directed broadcast data in order for multiple computers to receive the same information at the same time. If you're using a network cloning program, you might not be able to set this option, or you may have to make sure it's not set for a specific source port to keep it from preventing your stuff from working.
 
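Editor's note: the following pulls the advice in this thread together into one SG300 configuration so that a loop or a broadcast storm takes down one port or one VLAN instead of the whole network. It is an added example, not posted by anyone in the thread, and it is written from memory of the Sx300 CLI, so check each keyword with `?` on your own firmware before pasting. Everything about the layout is assumed: gi1-gi20 are the edge ports feeding PCs and the unmanaged switches, gi21 is the old router/print server, gi25 is the uplink to the router/firewall, gi26-gi28 are the links to the other two SG300s, VLAN 30 is the isolation VLAN, and the single-unit `gi` port naming depends on the firmware version. The DHCP snooping section is not something the thread suggests; the Sx300 line does offer it, and it drops DHCP server replies arriving on any port not marked trusted, which is the rogue-DHCP case from the first post.

```cisco
! Added example, not from the thread. Sx300-series CLI; verify each keyword with "?" on your firmware.
! Assumed layout: gi1-gi20 edge ports (PCs, unmanaged switches), gi21 old router/print server,
! gi25 uplink to router/firewall, gi26-gi28 links to the other two SG300s, VLAN 30 = isolation VLAN.
configure terminal

! --- 1. Loops: RSTP on every SG300, edge ports as PortFast with BPDU guard ---
spanning-tree
spanning-tree mode rstp
! Make the "core" SG300 the root bridge so the other two block their redundant path, not this one.
spanning-tree priority 4096
interface range gi1-20
 spanning-tree portfast
 ! A BPDU arriving on an edge port means a switch (or a loop) was plugged in: shut that port only.
 spanning-tree bpduguard
 exit

! --- 2. Loops through unmanaged switches (no BPDUs to see): loopback detection ---
! The switch sends its own probe frame out each port; if the probe comes back, that port is shut down.
loopback-detection enable
loopback-detection interval 30
interface range gi1-20
 loopback-detection enable
 exit

! --- 3. Storms: limit broadcast (and optionally multicast) per edge port ---
! 5000 kbps = 5 Mbps, the figure suggested above. Applied to edge ports only: a 24-port unmanaged
! switch hanging off one port aggregates many hosts' ARP/DHCP/NetBIOS/mDNS, so watch the counters
! before lowering it, and never apply it to the uplink or inter-switch ports.
interface range gi1-20
 storm-control broadcast enable
 storm-control broadcast level 5000
 ! Counts multicast too (Bonjour, SSDP). Leave this OFF on ports that receive a multicast
 ! imaging stream (e.g. Symantec Ghost), or the image stream itself is the "storm".
 storm-control include-multicast
 exit

! --- 4. Blast radius: the print server goes on its own VLAN ---
vlan database
 vlan 30
 exit
interface gi21
 description print-server-isolated
 switchport mode access
 switchport access vlan 30
 exit
! Carry VLAN 30 to the router/firewall so printing can be routed (and filtered) into it.
interface gi25
 switchport mode trunk
 switchport trunk allowed vlan add 30
 exit

! --- 5. Rogue DHCP: only the uplink and the inter-switch links may carry DHCP server replies ---
ip dhcp snooping
ip dhcp snooping vlan 1
ip dhcp snooping vlan 30
interface gi25
 ip dhcp snooping trust
 exit
interface range gi26-28
 ip dhcp snooping trust
 exit

! --- 6. Auto-recover shut-down ports so a fixed loop does not need a manual "no shutdown" ---
! Cause names vary between firmware versions; "errdisable recovery cause ?" lists the valid ones.
errdisable recovery cause stp-bpdu-guard
errdisable recovery cause loopback-detection
errdisable recovery interval 300
end
copy running-config startup-config

! Verification after a storm or loop: which port got shut, and how much each port is dropping.
show spanning-tree
show interfaces status
show storm-control
show ip dhcp snooping
```

With this in place the failure mode changes from "everything is down" to "one port is err-disabled" or "one VLAN is noisy": `show interfaces status` names the port, and the offending device is at the other end of that cable. The same section 1-3 block should go on the other two SG300s, with their own edge-port ranges and without the `spanning-tree priority` line, so that they defer to the core switch as root.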