There's more...

One problem I come across in many cases is how to use the broadcast and multicast storm control definitions in LAN switches (the storm-control broadcast level [high level] [lower level] command in Cisco devices). In many cases I see configurations that limit the number of broadcasts to 50, 100, or 200 broadcasts per second, and this is not enough. In a network, you might install a piece of software that sends broadcasts or multicasts at a rate that exceeds these values. Then, according to what you have configured in the switch, the switch will start sending traps to the management system, generating syslog messages, or even disconnecting ports (the storm-control action {shutdown | trap} command in Cisco devices).

The solution for this is simply to configure high levels of broadcasts as the threshold. When a broadcast storm happens, you will get thousands of broadcasts; so configuring a threshold level of 1,000 to 2,000 broadcasts or multicasts per second provides you with the same protection level without any disturbances to the regular network operation.

If you are not comfortable with having a high threshold level for storm control, then you should audit the network traffic with a goal of determining the rate of broadcasts sent by end stations during peak working hours and use that data to set an appropriate threshold.
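The audit described above can be run over frame records exported from a capture taken during peak hours. The following is an added example, not code from the book: it assumes each record is a (timestamp, destination MAC) pair, and the headroom factor and the 1,000 pps floor (taken from the range suggested above) are assumed policy values.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(dst_mac):
    """Return 'broadcast', 'multicast' or 'unicast' for a destination MAC."""
    mac = dst_mac.lower().replace("-", ":")
    if mac == BROADCAST:
        return "broadcast"
    # I/G bit: lowest bit of the first octet set means a group (multicast) address
    if int(mac.split(":")[0], 16) & 1:
        return "multicast"
    return "unicast"

def per_second_counts(frames):
    """frames: iterable of (epoch_seconds, dst_mac). Returns {kind: Counter(second -> frames)}."""
    buckets = {"broadcast": Counter(), "multicast": Counter()}
    for ts, dst in frames:
        kind = classify(dst)
        if kind in buckets:
            buckets[kind][int(ts)] += 1
    return buckets

def peak_rates(frames):
    """Highest one-second frame count seen for each traffic kind."""
    return {k: max(c.values(), default=0) for k, c in per_second_counts(frames).items()}

def seconds_over(frames, kind, limit_pps):
    """Number of one-second intervals in which a given storm-control limit would be exceeded."""
    return sum(1 for n in per_second_counts(frames)[kind].values() if n > limit_pps)

def suggest_threshold(peak_pps, headroom=3.0, floor=1000):
    """Assumed policy: peak rate times headroom, never below the floor."""
    return max(floor, int(peak_pps * headroom))

# Constructed sample: normal traffic plus a burst from a chatty application.
SAMPLE = (
    [(100.0 + i / 50, BROADCAST) for i in range(40)]        # 40 broadcasts in second 100
    + [(101.0 + i / 500, BROADCAST) for i in range(450)]    # 450 broadcasts in second 101
    + [(100.0 + i / 200, "01:00:5e:00:00:fb") for i in range(120)]  # 120 multicasts in second 100
    + [(100.5, "00:11:22:33:44:55")]                        # unicast, ignored
)

if __name__ == "__main__":
    peaks = peak_rates(SAMPLE)
    for kind, peak in peaks.items():
        print(f"{kind}: peak {peak} pps, "
              f"a 200 pps limit trips in {seconds_over(SAMPLE, kind, 200)} s, "
              f"suggested threshold {suggest_threshold(peak)} pps")
```
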
