Table of Contents
Advertisement
XG2000 series User's Guide
4.1.5 Storm Control
The device discards broadcast frames when the number of received broadcast frames are over a given threshold to prevent
unnecessary waste of bandwidth due to retained broadcast frames on the network. This function is called "Storm Control".
For each port, it is possible to configure storm control.
When broadcast frames are discarded by storm control, error logs are output, and storm control logging is disabled. To
re-enabled logging, these violations must be cleared with "clear violation".
To configure storm control, carry out the following procedures in the administrator EXEC mode.
xg# configure terminal
xg(config)# interface port 1 2 3
xg(config)# interface port range 1 3
xg(config-if)# storm-control
xg(config-if)# exit
xg(config)# exit
4.1.6 Port Security
Port security blocks connections attempted by unregistered hosts. When a host MAC address is registered, the device
receives only those frames that use registered source addresses.
For each port, it is possible to configure port security. To register a MAC address for a host, use the "bridge mac-address-table
static" command. The port that the host is connected must be registered as a member port. In Independent VLAN Learning
mode, this must be done for all VLANs that permit transmission.
Either of the following two modes can be specified for a security-violating (unregistered) frame the device receives.
−
−
Once a security violation is detected, an error log is recorded. No further detection of a violating frame will cause an error log to
be recorded until security violations are reset by "clear violation".
To configure port security, carry out the following procedures in the administrator EXEC mode.
xg# configure terminal
xg(config)# interface port 1 2 3
xg(config)# interface port range 1 3
xg(config-if)# port-security violation
{restrict | shutdown}
xg(config-if)# exit
xg(config)# exit
xg# clear violation all
4.1.7 Ingress Rate Control
It is possible to set an ingress rate-limiting value for each port in approximately 40Mbps increments.
To set an ingress rate-limiting value, carry out the following procedures in the administrator EXEC mode.
xg# configure terminal
xg(config)# interface port 1 2 3
xg(config)# interface port range 1 3
xg(config-if)# ingress-bandwidth <40-10000>
xg(config-if)# exit
xg(config)# exit
The ingress rate is measured at 100us time intervals. Should burst transfers take place at intervals of 100us or over,
the ingress rate the device actually allows may be less than the specified value.
Command
Restrict mode
Filters violating frames only, forwarding permitted frames.
Shutdown mode
Filters all frames upon reception of a violating frame, and the port goes link down.
Command
Command
All Rights Reserved, Copyright (C) PFU LIMITED 2009
Switch to global configuration mode.
Switch to the interface edit mode to specify the port(s) to be
configured for storm control.
In this example, the global interface configuration mode is
selected for ports 1 though 3.
Enable storm control.
Exit to global configuration mode.
Exit to administrator EXEC mode.
Switch to global configuration mode.
Switch to the interface edit mode to specify the port(s) to be
configured for port security.
In this example, the global interface configuration mode is
selected for ports 1 though 3.
Enable Port Security.
Exit to global configuration mode.
Exit to administrator EXEC mode.
Clear security violations
Switch to global configuration mode.
Switch to the interface edit mode to specify the port(s) to be
configured for ingress rate control.
In this example, the global interface configuration mode is
selected for ports 1 though 3.
Specify an ingress rate limiting value.
Exit to global configuration mode.
Exit to administrator EXEC mode.
29/315
Task
Task
Task
Advertisement
Table of Contents
