Protecting Against Rapid Mac Movement - Allied Telesis Layer 3 Switches Network Manual

Managed layer 3 switches

Create A Secure Network With Allied Telesis Managed Layer 3 Switches

Example

The following example applies storm protection to classified broadcast traffic on port 1. If there is a storm, it takes the link down for 60 seconds.

set switch enhancedmode=qoscounters

Reboot after turning on enhanced mode.

create classifier=1 macdaddr=ff-ff-ff-ff-ff-ff
create qos trafficclass=1 stormstatus=enable stormwindow=100 stormrate=100 stormaction=linkdown stormtimeout=60

The rest of the QoS configuration is as normal, so:

create qos flowgroup=1
add qos flowgroup=1 classifier=1
add qos trafficclass=1 flowgroup=1
create qos policy=1
add qos policy=1 trafficclass=1
set qos port=1 policy=1

You can view matching traffic at the port level with the command:

show qos port=1 count trafficclass

Protecting against rapid MAC movement

Rapid MAC movement protection detects excessive MAC address learning on a specific switch port. Once excessive learning is detected, the switch stops learning MAC addresses via the affected port.

Rapid MAC movement mostly occurs because of a broadcast storm, when one packet is storming around a layer 2 network. Rapid MAC movement protection is simpler to configure than QoS policy-based storm protection but is not guaranteed to stop all the varieties of broadcast storm.

Rapid MAC movement protection is on by default. The default action is to disable learning for 1 second. This gives the CPU of the switch some idle time, which may let a fast STP-type protocol converge. You can change the amount of idle time to suit your network, or select a different action.

Configuration on one or more ports

To customise the protection:

1. Set the parameters in the following command:

set switch port=<ports> thrashaction={learndisable|linkdown|none|portdisable|vlandisable} thrashtimeout={none|1..86400} vlanstatustrap={on|off}

The parameter thrashaction specifies the switch's response to rapid MAC movement:

learndisable makes the switch temporarily disable learning on the port.
linkdown makes the switch physically disable the port, so that the link goes down.
portdisable makes the switch logically disable the port, leaving the link up.
vlandisable makes the switch block traffic on only the VLAN on which the rapid learning occurred.
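
An added example, not part of the Allied Telesis manual: a Python audit that reads saved "set switch port=..." lines, checks thrashaction and thrashtimeout against the syntax shown above, and reports ports left with thrashaction=none. The comma/range port-list format, the rule that a later line overrides an earlier one, and the sample configuration are assumptions.

```python
import re

# Allowed values come from the command syntax shown on this page.
ACTIONS = {"learndisable", "linkdown", "none", "portdisable", "vlandisable"}
# The page states the default: learning is disabled for 1 second.
DEFAULT = {"thrashaction": "learndisable", "thrashtimeout": "1"}
CMD = re.compile(r"^\s*set\s+switch\s+port=(\S+)\s+(.*)$", re.IGNORECASE)

def expand_ports(spec):
    """Expand '1-4,7' to [1, 2, 3, 4, 7] (this port-list format is an assumption)."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, port_count):
    """Return (effective thrash settings per port, list of findings)."""
    state = {p: dict(DEFAULT) for p in range(1, port_count + 1)}
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = CMD.match(line)
        if not m:
            continue
        params = dict(kv.lower().split("=", 1) for kv in m.group(2).split() if "=" in kv)
        action, timeout = params.get("thrashaction"), params.get("thrashtimeout")
        if action is not None and action not in ACTIONS:
            findings.append(f"line {n}: invalid thrashaction={action}")
            continue
        if timeout not in (None, "none") and not (timeout.isdigit() and 1 <= int(timeout) <= 86400):
            findings.append(f"line {n}: thrashtimeout={timeout} outside none|1..86400")
            continue
        # Assumption: a later command overrides an earlier one for the same port.
        for port in expand_ports(m.group(1)):
            if port in state:
                state[port].update({k: v for k, v in params.items() if k in DEFAULT})
    for port, cfg in state.items():
        if cfg["thrashaction"] == "none":
            findings.append(f"port {port}: thrashaction=none, no response to rapid MAC movement")
    return state, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
set switch port=1-4 thrashaction=portdisable thrashtimeout=60 vlanstatustrap=on
set switch port=7 thrashaction=none
set switch port=8 thrashaction=linkdown thrashtimeout=90000
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, port_count=8)[1]))
```

A rejected line leaves the port on its previous setting, so port 8 in the sample stays on the default of learndisable for 1 second.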
Protecting the network
Products
AT-8948
x900-48 Series
AT-9900 Series
AT-9924Ts
x900-24 Series
Software Versions
2.8.1 and later