Enabling Protocol Storm Protection - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Chapter 23
Configuring Port-Based Traffic Control
Enabling Protocol Storm Protection
Beginning in privileged EXEC mode, follow these steps to configure protocol storm protection.
Command
Step 1
configure terminal
Step 2
psp {arp | dhcp | igmp} pps value
Step 3
errdisable detect cause psp
Step 4
errdisable recovery interval time
Step 5
end
Step 6
show psp config {arp | dhcp | igmp}
This example shows how to configure protocol storm protection to drop incoming DHCP traffic on
DHCP when it exceeds 35 packets per second.
Switch# configure terminal
Switch(config)# psp dhcp pps 35
To disable protocol storm protection for a specific protocol, use the no psp {arp | dhcp | igmp}
privileged EXEC command.
To disable error-disable detection for protocol storm protection, use the no errdisable detect cause psp
global configuration command.
To manually re-enable an error-disabled virtual port, use the errdisable recovery cause psp global
configuration command.
To disable auto-recovery of error-disabled ports, use the no errdisable recovery cause psp global
configuration command.
When protocol storm protection is configured, a counter records the number of dropped packets. To see
this counter, use the show psp statistics [arp | igmp | dhcp] privileged EXEC command. To clear the
counter for a protocol, use the clear psp counter [arp | igmp | dhcp] command.
Displaying Port-Based Traffic Control Settings
The show interfaces interface-id switchport privileged EXEC command displays (among other
characteristics) the interface traffic suppression and control configuration. The show storm-control and
show port-security privileged EXEC commands display those storm control and port security settings.
OL-26520-01
Purpose
Enter global configuration mode.
Configure protocol storm protection for ARP, IGMP, or DHCP.
For value, specify the threshold value for the number of packets per
second. If the traffic exceeds this value, protocol storm protection
is enforced. The range is from 5 to 50 packets per second.
(Optional) Enable error-disable detection for protocol storm
protection. If this feature is enabled, the virtual port is error
disabled. If this feature is disabled, the port drops excess packets
without error disabling the port.
(Optional) Configure an auto-recovery time (in seconds) for
error-disabled virtual ports. When a virtual port is error-disabled,
the switch auto-recovers after this time. The range is from 30 to
86400 seconds.
Return to privileged EXEC mode.
Verify your entries.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Displaying Port-Based Traffic Control Settings
23-19
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
