Check: RCKS-L2S-000160
RUCKUS ICX Layer 2 Switch STIG: RCKS-L2S-000160 (in version v1 r1)
Title
The RUCKUS ICX switch must have Storm Control configured on all host-facing switch ports. (Cat III impact)
Discussion
A traffic storm occurs when packets flood a LAN, creating excessive traffic and degrading network performance. Traffic storm control prevents network disruption by suppressing ingress traffic when the number of packets reaches configured threshold levels. Traffic storm control monitors ingress traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.
Check Content
Review the configuration for the desired storm control settings on host-facing ports.

!
interface ethernet 1/1/5
 broadcast limit 8787
 multicast limit 777
 unknown-unicast limit 888
!

If host-facing ports are not configured for storm control protection, this is a finding.
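One way to automate this review against a saved running configuration, as an added example that is not part of the STIG or the RUCKUS documentation. It assumes the auditor supplies the list of host-facing ports (`host_ports`, a hypothetical parameter) and treats a port as compliant only when all three limit statements from the check content are present; the sample configuration is constructed.

```python
import re

# The three storm-control statements shown in the STIG check content.
REQUIRED = ("broadcast limit", "multicast limit", "unknown-unicast limit")

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
!
interface ethernet 1/1/5
 broadcast limit 8787
 multicast limit 777
 unknown-unicast limit 888
!
interface ethernet 1/1/6
 broadcast limit 8787
!
interface ethernet 1/1/7
 port-name printer
!
"""

def parse_interfaces(config):
    """Map each 'interface ethernet X' stanza to its list of statements."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface ethernet (\S+)$", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # '!' closes the current stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def storm_control_findings(config, host_ports):
    """Return {port: [missing statements]} for host-facing ports that fail."""
    stanzas, findings = parse_interfaces(config), {}
    for port in host_ports:
        lines = stanzas.get(port, [])  # no stanza: nothing is configured
        missing = [kw for kw in REQUIRED
                   if not any(re.match(rf"{re.escape(kw)} \d+", l) for l in lines)]
        if missing:
            findings[port] = missing
    return findings

if __name__ == "__main__":
    print(storm_control_findings(SAMPLE_CONFIG, ["1/1/5", "1/1/6", "1/1/7", "1/1/8"]))
```

A port that has no interface stanza at all (1/1/8 in the sample call) is reported with all three statements missing, since an unconfigured host-facing port is a finding under this check.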
Fix Text
Configure storm control on each host-facing switch port.

1. Enter global configuration mode:
   device#configure terminal

2. Configure storm control:
   device (config-if-e2500-1/1/5)#broadcast limit 8787
   device (config-if-e2500-1/1/5)#multicast limit 777
   device (config-if-e2500-1/1/5)#unknown-unicast limit 888
Additional Identifiers
Rule ID: SV-273684r1110987_rule
Vulnerability ID: V-273684
Group Title: SRG-NET-000512-L2S-000001
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |