Saturday, February 12, 2011

notes: Storm Control & Unicast flooding

Storm control
- Limits the amount of unicast, multicast, or broadcast traffic received on a port.
- The most common application of this feature is to prevent broadcast storms, but it can also be used to police individual ports so that they do not exceed a desired rate.
- Traffic above the multicast rate suppresses unicast, broadcast and multicast traffic.
- With storm control it is recommended to hardcode the interface speed to get around the 10/100/1000 negotiation issue.

command:

interface FastEthernet0/1
storm-control unicast level pps 100

interface FastEthernet0/6
storm-control broadcast level 1.00

interface FastEthernet0/4
storm-control broadcast level bps 10m

verification:

show storm-control


"every broadcast is a multicast, but every multicast is not a broadcast"

If you limit multicast to 10% and broadcast to 20%, broadcast traffic will never reach its 20% threshold: broadcasts also count as multicast, so the 10% multicast limit is hit first.
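
The two rules of thumb above (hardcode the speed on storm-control ports; a broadcast limit higher than the multicast limit is never reached) can be checked against a saved configuration. The Python sketch below is an added example, not part of the original notes; the sample configuration, the function names parse and audit, and the choice to read only the rising threshold are assumptions.

```python
import re
# Constructed sample config (not from the original notes) used to exercise the checks.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 speed 100
 storm-control unicast level pps 100
interface FastEthernet0/2
 speed 100
 storm-control multicast level 10.00
 storm-control broadcast level 20.00
interface FastEthernet0/3
 storm-control broadcast level bps 10m
interface FastEthernet0/4
 speed auto
 storm-control multicast level bps 20m
 storm-control broadcast level bps 10m
"""

SC_RE = re.compile(r"storm-control (unicast|multicast|broadcast) level (?:(pps|bps) )?(\d+(?:\.\d+)?)([kmg]?)", re.I)
MULT = {"": 1, "k": 1e3, "m": 1e6, "g": 1e9}  # k/m/g suffixes as in "bps 10m"

def parse(config):
    """Return {interface: {"speed": str or None, "sc": {traffic_type: (unit, value)}}}."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.lower().startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {"speed": None, "sc": {}})
        elif cur is not None and line.lower().startswith("speed "):
            cur["speed"] = line.split()[1].lower()
        elif cur is not None and (m := SC_RE.match(line)):
            kind, unit, num, suffix = m.groups()
            cur["sc"][kind.lower()] = ((unit or "percent").lower(), float(num) * MULT[suffix.lower()])
    return ports

def audit(config):
    """Return sorted (interface, finding) tuples for the two checks from the notes."""
    findings = []
    for name, port in parse(config).items():
        sc = port["sc"]
        if sc and port["speed"] in (None, "auto"):
            findings.append((name, "storm-control set but speed not hardcoded"))
        mc, bc = sc.get("multicast"), sc.get("broadcast")
        # Broadcasts also count as multicast, so a lower multicast limit trips first.
        if mc and bc and mc[0] == bc[0] and bc[1] > mc[1]:
            findings.append((name, "broadcast level unreachable: multicast limit trips first"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Thresholds given in different units (for example percent and pps) are not compared, because converting between them depends on link speed and frame size.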

Unicast Flooding

If a destination MAC address is not in the MAC address table of the switch, the frame is flooded out all ports for that respective VLAN. Although some flooding is unavoidable and expected, excessive flooding might be caused by asymmetric routing, STP topology changes, or forwarding table overflow. Flooding can also result from attacks on the network, especially denial-of-service (DoS) attacks.
- Switches can now implement a unicast flood-prevention feature.

global command:

mac-address-table unicast-flood {limit kfps} {vlan vlan} {filter timeout | alert | shutdown}
