User's Manual
29-3
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 29 Configuring Port-Based Traffic Control
Information About Port-Based Traffic Control
Storm Control and Threshold Levels
You configure storm control on a port and enter the threshold level that you want to be used for a 
particular type of traffic. 
However, because of hardware limitations and the way in which packets of different sizes are counted, 
threshold percentages are approximations. Depending on the sizes of the packets making up the 
incoming traffic, the actual enforced threshold might differ from the configured level by several 
percentage points.
Note Storm control is supported on physical interfaces. You can also configure storm control on an 
EtherChannel. When storm control is configured on an EtherChannel, the storm control settings 
propagate to the EtherChannel physical interfaces. 
Small-Frame Arrival Rate
Incoming VLAN-tagged packets smaller than 67 bytes are considered small frames. They are forwarded 
by the switch, but they do not cause the switch storm-control counters to increment. In Cisco IOS 
Release
 12.2(44)SE and later, you can configure a port to be error disabled if small frames arrive at a 
specified rate (threshold). 
You globally enable the small-frame arrival feature on the switch and then configure the small-frame 
threshold for packets on each interface. Packets smaller than the minimum size and arriving at a specified 
rate (the threshold) are dropped since the port is error disabled. 
If the errdisable recovery cause small-frame global configuration command is entered, the port is 
reenabled after a specified time. (You specify the recovery time by using errdisable recovery global 
configuration command.)
Protected Ports
Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so 
that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use 
of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between 
these ports on the switch.
Protected ports have these features:
  • A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that 
is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only 
control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU 
and forwarded in software. All data traffic passing between protected ports must be forwarded 
through a Layer 3 device.
  • Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
Protected Port Configuration Guidelines
You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an 
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, 
it is enabled for all ports in the port-channel group.










