Configuring Layer 3 Protocol Filtering; Understanding How Layer 3 Protocol Filtering Works - Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual

Configuring Layer 3 Protocol Filtering

This chapter describes how to configure Layer 3 protocol filtering on Ethernet, Fast Ethernet, and
Gigabit Ethernet ports on the Catalyst 6000 family switches.
For complete syntax and usage information for the commands used in this chapter, refer to the
Note
Catalyst 6000 Family Command Reference publication.
This chapter consists of these sections:
•
•
•

Understanding How Layer 3 Protocol Filtering Works

Layer 3 protocol filtering prevents certain protocol traffic from being forwarded out switch ports.
Layer 3 protocol filtering is implemented on the supervisor engine and does not require a Policy Feature
Card (PFC) or Multilayer Switch Feature Card (MSFC). Broadcast and unicast flood traffic is filtered
based on the membership of ports in different protocol groups. This filtering is in addition to the filtering
provided by port-VLAN membership. Layer 3 protocol filtering is supported only on nontrunking
Ethernet, Fast Ethernet, and Gigabit Ethernet ports.
Trunking ports are always members of all protocol groups. To avoid compatibility issues with other
networking devices, Layer 3 protocol filtering is not performed on trunk ports. Layer 2 protocols, such
as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by Layer 3
protocol filtering. Dynamic ports and ports that have port security enabled are members of all protocol
groups.
You can configure a port with any one of these modes for each protocol group: on, off, or auto.
If the configuration is set to on, the port receives all the flood traffic for that protocol. If the
configuration is set to off, the port does not receive any flood traffic for that protocol.
If the configuration is set to auto, the port is added to the group only after packets of the specific protocol
are received on that port. With autolearning, ports become members of the protocol group only after
receiving packets of the corresponding protocol from the device attached to that port. Autoconfigured
ports are removed from the protocol group if no packets are received for that protocol within 60 minutes.
Ports are also removed from the protocol group when the supervisor engine detects that the link is down
on the port.
78-13315-02
Understanding How Layer 3 Protocol Filtering Works, page 33-1
Default Layer 3 Protocol Filtering Configuration, page 33-2
Configuring Layer 3 Protocol Filtering, page 33-2
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
C H A P T E R
33
33-1