06-18-2007 12:50 AM - edited 03-05-2019 04:46 PM
Hi
On our network, we use many c6500 as access layer switches. Every user gets a 1GB port. We decided to limit broadcasts on each port to 100 packets per second or so. We tried to do this with the storm-control command, but the only option for threshold was setting the port's maximum bandwidth (in percent). There was no PPS option! The big problem is that the minimal threshold is 0.1% (simple math = 10Mbps). That threshold is enormous and useless against broadcast storms. The idea is to shut (err-disable) ports that start broadcast storms.
I know that other Cisco switches such as c3560 do have the PPS threshold option. Does anyone know whether it can be done on c6500? Is it an IOS version issue? I've tried to search for this feature on Cisco IOS navigator for 6500 and found NOTHING!
P.S.
We want to limit the broadcasts on layer 2. NO ACLs!!!
Hardware and IOS:
IOS (tm) s3223_rp Software (s3223_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)
48-port 10/100/1000 RJ45 EtherModules (WS-X6148A-GE-45AF)
Supervisor Engine 32 8GE (WS-SUP32-GE-3B)
Policy Feature Card 3 (WS-F6K-PFC3B )
Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A
06-18-2007 05:34 AM
I'm afraid that's a limitation in the 6500 series at the moment. You have one of the latest versions of the IOS.
For more information on storm control, check out this link:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/s1.htm#wp1123081
Have you thought about implementing QoS with the police option?
06-18-2007 10:36 PM
I'm afraid that QoS policies will skyrocket the CPU in case of a massive attack. Besides, the idea is to shut the "infected" ports, thus limiting the virus distribution. Policing won't be too helpful in this scenario.
Thanks anyway.
Tim.