ICMP Storm

rmv72
Level 1

Is it possible to block an ICMP storm generated by MSBLAST? I mean configuring broadcast, multicast, or unicast storm control at ports. Is it possible to do it on a Catalyst 2950?

Accepted Solution

milan.kulik
Level 10

Hi,

Cat2950 is a layer 2 device, so it's impossible to configure an ACL to block ICMP on it.

You can configure storm control on ports using, e.g.:

    conf t
    int fa 0/x
    storm-control broadcast level 5.00 3.00
    storm-control multicast level 5.00 3.00
    storm-control unicast level 50 30
    storm-control action trap

This syntax is used in the latest IOS and filters broadcasts when they exceed 5% of the interface bandwidth.

Another syntax, using the number of frames per second, was used in the older IOS versions.

See the Command Reference Guide http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12114ea1/2950cr/cli2.htm#1870446 for storm-control command details.

Regards,

Milan
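As an added illustration (not part of Milan's reply or of Cisco's documentation), here is the percentage-based storm-control syntax from the reply written out as a complete, verifiable configuration: thresholds on a range of access ports, the trap action so the switch reports a storm instead of silently dropping, trap delivery to a management station, and the show commands used to confirm which ports are suppressing traffic. The port range, threshold values, SNMP host address and community string are assumed values chosen for the example; the `errdisable recovery` line is only relevant if `storm-control action shutdown` is used instead of `trap` and is included as an assumption about the running software.

```cisco
! Added example: storm control on a Catalyst 2950 running an IOS that uses the
! percentage-of-bandwidth syntax (12.1(11)EA1 or later). Values are assumed.
configure terminal
 interface range fastethernet 0/1 - 24
  ! Rising threshold 5% of port bandwidth, falling threshold 3%: traffic of the
  ! given type is dropped once it passes 5% and forwarded again once it drops
  ! below 3%. Percentages are of the port's link speed, not of the backplane.
  storm-control broadcast level 5.00 3.00
  storm-control multicast level 5.00 3.00
  ! Unicast gets more headroom: normal unicast load on an access port is far
  ! higher than broadcast, and a worm's ICMP sweeps are unicast frames.
  storm-control unicast level 50.00 30.00
  ! trap = keep the port up and emit an SNMP trap / syslog message when the
  ! rising threshold is crossed. shutdown would err-disable the port instead.
  storm-control action trap
 exit
 ! Deliver traps to a management station (constructed address and community).
 snmp-server host 192.0.2.10 traps public
 snmp-server enable traps
 ! Only needed if 'storm-control action shutdown' is chosen: bring err-disabled
 ! ports back automatically after the default recovery interval (assumption
 ! that this cause is available in the running software).
 errdisable recovery cause storm-control
end
! Verify: Filter State shows Forwarding or Blocking per port, with the upper,
! lower and current levels so a storm in progress is visible at a glance.
show storm-control
show storm-control fastethernet 0/1 unicast
```

When reviewing the output of `show storm-control`, a port whose Filter State reads Blocking with a current level well above the upper threshold is the one carrying the storm; with `action trap` the same event also appears in the syslog and at the SNMP host, which is the signal to trace the offending host on that port.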

3 Replies

Actually, the 2950s *are* capable of filtering based on L3 and L4 information. You could say they're L2-switches with L3+ intelligence.

The following would be a perfectly valid filter for the 2950:

access-list 101 permit tcp any 172.16.16.0 0.0.0.255 eq 23

However, it's true that you can't filter based on ICMP on that platform. And it's also true that you can't do storm control (or rate limiting) based on protocols.

-A

Yes, you can configure an extended ACL on 2950.

BUT you can apply it only on the virtual management interface (int VLAN1, e.g.) and filter only the traffic targeted to the switch itself.

Other possibilities are some advanced QoS functions.

But it's impossible to filter the traffic passing through the switch based on L3 info, I'm afraid.

Regards,

Milan