Back to All Scenarios
PASSEDnetwork / broadcast_storm
Broadcast Storm from Rogue Switch
An employee connects an unmanaged switch creating a Layer 2 loop. No spanning tree on the VLAN. Broadcast storm takes down all services on VLAN 10.
Pattern
BROADCAST_STORM
Severity
CRITICAL
Confidence
92%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | BROADCAST_STORM | BROADCAST_STORM | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 60 linked | |
| Cascade Escalation | Yes | Yes | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
5 VLANs in network. Unmanaged consumer switch plugged into two wall ports on VLAN 10. STP not enabled on VLAN 10. 4 critical services on the VLAN.
Injected Error Messages (4)
broadcast storm detected on port Gi0/5 — storm control triggered, excessive broadcasts on VLAN 10, 98% broadcast traffic
broadcast storm — VLAN 10 saturated, port Gi0/8 storm control activated, service unreachable
broadcast storm on VLAN 10 causing packet loss, VoIP quality degraded to unusable, broadcast threshold exceeded
broadcast flood on VLAN 10, ERP application timeout, excessive broadcasts detected on switch uplink
Neural Engine Root Cause Analysis
A broadcast storm is occurring on network switch port Gi0/5 affecting VLAN 10, where the file server fs01 (10.10.10.10) resides. The storm control mechanism has triggered due to 98% broadcast traffic, effectively shutting down the port to prevent network congestion. This has rendered the file server unreachable and is likely causing the 18 correlated incidents, suggesting a significant network-wide impact. The root cause is typically a network loop, faulty NIC, or misconfigured network device generating excessive broadcast frames.
Remediation Plan
1. Immediately identify the device connected to port Gi0/5 causing the broadcast storm 2. Temporarily isolate the problematic port if not already done by storm control 3. Check for network loops in VLAN 10 topology and break any loops found 4. Inspect the network interface card on fs01 for hardware faults or driver issues 5. Review recent network configuration changes that might have introduced loops 6. Once storm source is eliminated, re-enable the port and verify normal broadcast levels 7. Monitor VLAN 10 for stability and verify file server accessibility
Tested: 2026-03-30Monitors: 4 | Incidents: 4Test ID: cmncjc3010070obqe7ouqkxt1