Another nice Layer2 security feature that I like it very much is: Traffic Storm Control. Using this feature, you can limit broadcast storm on your interface, but not only that, you can also limit unknown multicast and unknown unicast. Broadcast storm can happen when for example you aren’t applying a Spanning-Tree Protocol in your network and you have redundancy, then you see that your network will be overwhelmed with broadcast which never finishes and your network will not be operational. Using Traffic Storm Control, you can say how much percentage from the link can be occupied by broadcast frames.

The Storm Control will be applied to the ingress port, then the egress traffic will be limited.

Be careful when you are applying the Storm Control because you may end up having some issues with protocols that use broadcast to work such as DHCP for example.

To apply Traffic Storm Control, you can go to the Switch Tab on Winbox and then to the interface and put the rate that you want to be uses for the Storm as following:

As you can see, I have limited the Broadcast storm to 10% of the link. That means if my link is using 100 Mbps, then only 10 Mbps will be occupied for the broadcast storm when it happens which makes my network still operational.

That’s all about Traffic Storm Control.