Chapter 36 Configuring Layer 3 Protocol Filtering; Understanding How Layer 3 Protocol Filtering Works - Cisco WS-C6506 Software Manual

Configuring Layer 3 Protocol Filtering
This chapter describes how to configure Layer 3 protocol filtering on Ethernet, Fast Ethernet, and
Gigabit Ethernet ports on the Catalyst 6500 series switches.
For complete syntax and usage information for the commands that are used in this chapter, refer to the
Note
Catalyst 6500 Series Switch Command Reference publication.
This chapter consists of these sections:
•
•
•

Understanding How Layer 3 Protocol Filtering Works

Layer 3 protocol filtering prevents certain protocol traffic from being forwarded out the switch ports.
Layer 3 protocol filtering is implemented on the supervisor engine and does not require a Policy Feature
Card (PFC) or Multilayer Switch Feature Card (MSFC). The broadcast and unicast flood traffic is
filtered based on the membership of the ports in the different protocol groups. This filtering is in addition
to the filtering that is provided by the port-VLAN membership. Layer 3 protocol filtering is supported
only on the nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports.
The trunking ports are always members of all protocol groups. To avoid compatibility issues with the
other networking devices, Layer 3 protocol filtering is not performed on the trunk ports. Layer 2
protocols, such as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected
by Layer 3 protocol filtering. The dynamic ports and ports that have port security enabled are members
of all protocol groups.
You can configure a port with any one of these modes for each protocol group: on, off, or auto.
If the configuration is set to on, the port receives all the flood traffic for that protocol. If the configuration
is set to off, the port does not receive any flood traffic for that protocol.
If the configuration is set to auto, the port is added to the group only after the packets of the specific
protocol are received on that port. With autolearning, the ports become members of the protocol group
only after receiving the packets of the corresponding protocol from the device that is attached to that
port. The autoconfigured ports are removed from the protocol group if no packets are received for that
protocol within 60 minutes. The ports are also removed from the protocol group when the supervisor
engine detects that the link is down on the port.
OL-8978-04
Understanding How Layer 3 Protocol Filtering Works, page 36-1
Default Layer 3 Protocol Filtering Configuration, page 36-2
Configuring Layer 3 Protocol Filtering on the Switch, page 36-2
C H A P T E R
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
36
36-1