Configuring Port Blocking; Default Port Blocking Configuration; Blocking Flooded Traffic On An Interface - Cisco 3845 - Security Bundle Router Software Manual
Software configuration guide
Hide thumbs
Also See for 3845 - Security Bundle Router:
- Manual (94 pages) ,
- Quick start manual (38 pages) ,
- Hardware installation manual (418 pages)
Table of Contents
Advertisement
Chapter 19
Configuring Traffic Control
To disable storm control, use the no storm-control {broadcast | multicast | unicast} level interface
configuration command.
This example shows how to enable unicast storm control on a port with an 87-percent rising suppression
level and a 65-percent falling suppression level:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# storm-control unicast level 87 65
This example shows how to enable broadcast address storm control on a port to a level of 20 percent.
When the broadcast traffic exceeds the configured level of 20 percent of the total available bandwidth of
the port within the traffic-storm-control interval, the switch drops all broadcast traffic until the end of
the traffic-storm-control interval:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# storm-control broadcast level 20
Configuring Port Blocking
By default, the switch floods packets with unknown destination MAC addresses out of all ports. If
unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To
prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
block a port (protected or nonprotected) from flooding unknown unicast or multicast packets to other
ports.
Note
With multicast traffic, the port blocking feature blocks only pure Layer 2 packets. Multicast packets that
contain IPv4 or IPv6 information in the header are not blocked.
•
•
Default Port Blocking Configuration
The default is to not block flooding of unknown multicast and unicast traffic out of a port, but to flood
these packets to all ports.
Blocking Flooded Traffic on an Interface
The interface can be a physical interface or an EtherChannel group. When you block multicast or unicast
traffic for a port channel, it is blocked on all ports in the port-channel group.
You cannon configure port blocking on an interface that has a service instance configured.
Note
OL-23400-01
Default Port Blocking Configuration, page 19-5
Blocking Flooded Traffic on an Interface, page 19-5
Cisco ME 3800X and 3600X Switch Software Configuration Guide
Configuring Port Blocking
19-5
- Quick Links:
- Performance Features
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
