System Management Software Configuration Guide for Cisco IE 2000U and Connected Grid Switches
Chapter 9 Configuring Port-Based Traffic Control
Information About Port-Based Traffic Control
The combination of the storm-control suppression level and the 1-second time interval controls the way
the storm control algorithm works. A higher threshold allows more packets to pass through. A threshold
value of 100 percent means that no limit is placed on the traffic. A value of 0.0 means that all broadcast,
multicast, or unicast traffic on that port is blocked.
Note: Because packets do not arrive at uniform intervals, the 1-second time interval during which traffic
activity is measured can affect the behavior of storm control.
You use the storm-control interface configuration commands to set the threshold value for each traffic
type.
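The following sketch is an added example, not code from the Cisco guide. It shows how the same broadcast burst can land above or below a suppression level depending on how it aligns with the 1-second measurement interval. It assumes a simplified model: fixed 1-second windows, a level expressed as a percentage of port bandwidth, and constructed sample traffic on a 100 Mb/s port. All function names are hypothetical.

```python
# Simplified model, not the switch's implementation. Assumptions: fixed
# 1-second measurement windows; level is a percentage of port bandwidth.
LINK_BPS = 100_000_000   # constructed example: 100 Mb/s port
WINDOW_US = 1_000_000    # the 1-second interval, in microseconds

def burst(start_us, frames=2000, gap_us=200, size_bytes=1500):
    """Constructed sample: evenly spaced broadcast frames as (time_us, bytes)."""
    return [(start_us + i * gap_us, size_bytes) for i in range(frames)]

def window_utilization(arrivals, link_bps=LINK_BPS):
    """Map each 1-second window index to the percent of link_bps it carried."""
    bits = {}
    for t_us, size in arrivals:
        w = t_us // WINDOW_US
        bits[w] = bits.get(w, 0) + size * 8
    return {w: 100.0 * b / link_bps for w, b in sorted(bits.items())}

def windows_over_level(arrivals, level_pct, link_bps=LINK_BPS):
    """Windows whose measured traffic exceeds the suppression level."""
    util = window_utilization(arrivals, link_bps)
    return [w for w, pct in util.items() if pct > level_pct]

if __name__ == "__main__":
    # Same 0.4-second burst, two start times, level of 20 percent.
    for start in (300_000, 800_000):
        b = burst(start)
        print(start, window_utilization(b), windows_over_level(b, 20.0))
```

In this model the burst that falls inside one window measures 24 percent and exceeds a 20 percent level, while the identical burst straddling two windows measures 12 percent in each and does not.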
Protected Ports
Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so
that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use
of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between
these ports on the switch.
Note: NNIs default to non-protected ports. Because UNIs and ENIs provide port isolation, the protected port
feature is not available on UNI and ENI ports. For more information about port types, see the “UNI, NNI, and ENI
Port Types” section in the Interfaces Software Configuration Guide for Cisco IE 2000U and Connected Grid
Switches.
Protected ports have these features:
• A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that
is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only
control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU
and forwarded in software. All data traffic passing between protected ports must be forwarded
through a Layer 3 device.
• Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
Port Blocking
By default, the switch floods packets with unknown destination MAC addresses out of all ports. If
unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To
prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
block a port (protected or nonprotected) from flooding unknown unicast or multicast packets to other
ports.
Port Security
This section includes the following topics:
• Secure MAC Addresses
• Security Violations