Port Security And Switch Stacks; Configuring Protocol Storm Protection; Understanding Protocol Storm Protection; Default Protocol Storm Protection Configuration - Cisco Catalyst 2960 Software Configuration Manual

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE (OL-26520-01)
Chapter 23, Configuring Port-Based Traffic Control

Port Security and Switch Stacks

When a switch joins a stack, the new switch receives the configured secure addresses. The new stack member downloads all dynamic secure addresses from the other stack members.

When a switch (either the stack master or a stack member) leaves the stack, the remaining stack members are notified, and the secure MAC addresses configured or learned by that switch are deleted from the secure MAC address table. For more information about switch stacks, see Chapter 7, "Managing Switch Stacks."

Configuring Protocol Storm Protection

• Understanding Protocol Storm Protection
• Default Protocol Storm Protection Configuration
• Enabling Protocol Storm Protection

Understanding Protocol Storm Protection

When a switch is flooded with Address Resolution Protocol (ARP) or control packets, high CPU utilization can cause the CPU to overload. These issues can occur:

• Routing protocols can flap because the protocol control packets are not received, and neighboring adjacencies are dropped.
• Spanning Tree Protocol (STP) reconverges because the STP bridge protocol data unit (BPDU) cannot be sent or received.
• The CLI is slow or unresponsive.

Using protocol storm protection, you can control the rate at which control packets are sent to the switch by specifying the upper threshold for the packet flow rate. The supported protocols are ARP, ARP snooping, Dynamic Host Configuration Protocol (DHCP) v4, DHCP snooping, Internet Group Management Protocol (IGMP), and IGMP snooping.

When the packet rate exceeds the defined threshold, the switch drops all traffic arriving on the specified virtual port for 30 seconds. The packet rate is measured again, and protocol storm protection is again applied if necessary.

For further protection, you can manually error-disable the virtual port, blocking all incoming traffic on the virtual port. You can manually enable the virtual port or set a time interval for automatic re-enabling of the virtual port.

Excess packets are dropped on no more than two virtual ports.

Note: Virtual port error disabling is not supported for EtherChannel and Flexlink interfaces.

Default Protocol Storm Protection Configuration

Protocol storm protection is disabled by default. When it is enabled, auto-recovery of the virtual port is disabled by default.
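
The following is an added illustration, not Cisco code or switch output: a simplified Python model of the threshold, 30-second drop window, and error-disable behaviour described under Understanding Protocol Storm Protection, useful for estimating how long a virtual port stays blocked for a given flood. It assumes the rate is measured in one-second intervals and that the action starts in the second the threshold is exceeded; the class and function names, the 20 pps threshold, and the sample rates are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

DROP_SECONDS = 30  # drop window stated in the guide


@dataclass
class VirtualPort:
    """Simplified model of one virtual port under protocol storm protection."""
    threshold_pps: int                 # upper threshold for the protected protocol
    errdisable: bool = False           # error-disable the virtual port on violation
    recovery_s: Optional[int] = None   # auto-recovery interval; None = off (the default)
    state: str = "forwarding"
    until: Optional[int] = None        # second at which the current action ends

    def tick(self, now: int, control_pps: int) -> str:
        """Advance one second and return the state applied during it."""
        if self.state != "forwarding" and self.until is not None and now >= self.until:
            self.state, self.until = "forwarding", None  # action over: measure again
        if self.state == "forwarding" and control_pps > self.threshold_pps:
            if self.errdisable:
                self.state = "err-disabled"
                self.until = None if self.recovery_s is None else now + self.recovery_s
            else:
                self.state, self.until = "dropping", now + DROP_SECONDS
        return self.state


def simulate(port: VirtualPort, rates: List[int]) -> List[str]:
    """Feed one control-packet rate per second; return the state for each second."""
    return [port.tick(t, pps) for t, pps in enumerate(rates)]


def blocked_seconds(port: VirtualPort, rates: List[int]) -> int:
    """Seconds in which all traffic on the virtual port is dropped or blocked."""
    return sum(s != "forwarding" for s in simulate(port, rates))


# Constructed sample: 5 s of normal ARP, a 40 s flood, then 40 s of normal ARP.
SAMPLE = [10] * 5 + [200] * 40 + [10] * 40

if __name__ == "__main__":
    for label, port in [
        ("rate limit only", VirtualPort(threshold_pps=20)),
        ("errdisable, no auto-recovery", VirtualPort(20, errdisable=True)),
        ("errdisable, 30 s auto-recovery", VirtualPort(20, True, recovery_s=30)),
    ]:
        print(f"{label}: blocked {blocked_seconds(port, SAMPLE)} of {len(SAMPLE)} s")
```

In this model the 40-second flood blocks the virtual port for 60 seconds, because each violation costs a full 30-second window, and with error-disable and no auto-recovery the port stays blocked until it is re-enabled manually.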
