2.6.18 Security Command
When a device on the network malfunctions, or application programs are poorly designed or improperly configured, broadcast/unknown multicast/unknown unicast storms may occur; network performance may be degraded or, in the worst case, the network may come to a complete halt. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per-switch basis to protect the network from such storms. Any broadcast/unknown multicast/unknown unicast packets exceeding the specified value will then be dropped.

Port Isolation is used to restrict ports so that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will become invalid automatically.

The MAC Limit function sets a threshold on the number of MAC addresses that can be learned. After the threshold is reached, any other incoming MAC address is dropped until the recovery mechanism activates. Please note that the MAC address table will be erased if the MAC Limit function is enabled.

Enable or disable broadcast/unknown multicast/unknown unicast storm control, port isolation and MAC Limit.

Switch(config)# security mac-limit
    Globally enable the MAC Limit function on the switch. This sets the threshold within which MAC addresses can be learned. After the threshold is reached, any other incoming MAC address is dropped until the recovery mechanism activates.

Switch(config)# security mac-limit notification threshold interval [120-86400]
    Set the time interval for sending the alarm trap or system log if the number of source MAC addresses learned exceeds the limit continuously. The allowable value is between 120 and 86400 seconds.

Switch(config)# security port-isolation
    Enable the port isolation function. If port isolation is set to enabled, the ports cannot communicate with each other.

Switch(config)# security port-isolation up-link-port [port_list]
    Specify the port(s) as uplinks that are allowed to communicate with other ports.

Switch(config)# security storm-protection broadcast [1-1024k]
    Specify the maximum broadcast packets per second (pps). Any broadcast packets exceeding the specified threshold will then be dropped.
    The packet rates that can be specified are listed below:
    1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k, 512k, 1024k
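
The following Python check is an added example, not part of the manual or the switch firmware: it reviews a list of security commands before they are applied, using the value ranges stated above. The function name `audit`, the sample lines and the choice of findings are assumptions made for illustration, and the input is assumed to be command lines as typed in config mode.

```python
import re

# Broadcast rates listed in the manual: 1..512, then 1k..1024k (powers of two).
ALLOWED_RATES = [str(2 ** i) for i in range(10)] + [f"{2 ** i}k" for i in range(11)]
PROMPT = re.compile(r"^\s*Switch\(config\)#\s*")


def audit(lines):
    """Hypothetical checker: return findings for 'security ...' command lines."""
    findings, seen = [], set()
    for raw in lines:
        cmd = PROMPT.sub("", raw).split()
        if cmd[:1] != ["security"]:
            continue
        if cmd[1:5] == ["mac-limit", "notification", "threshold", "interval"]:
            value = cmd[5] if len(cmd) > 5 else ""
            if not (value.isdecimal() and 120 <= int(value) <= 86400):
                findings.append(f"mac-limit interval {value!r} outside 120-86400 seconds")
        elif cmd[1:3] == ["port-isolation", "up-link-port"]:
            # The port_list syntax is not given on the page, so only presence is checked.
            if len(cmd) > 3:
                seen.add("uplink")
            else:
                findings.append("up-link-port given without a port list")
        elif cmd[1:] == ["port-isolation"]:
            seen.add("isolation")
        elif cmd[1:3] == ["storm-protection", "broadcast"]:
            seen.add("storm")
            value = cmd[3] if len(cmd) > 3 else ""
            if value not in ALLOWED_RATES:
                findings.append(f"broadcast rate {value!r} is not a listed rate")
    # Isolated ports can only reach an uplink, so isolation with none defined is flagged.
    if "isolation" in seen and "uplink" not in seen:
        findings.append("port isolation enabled but no up-link-port specified")
    if "storm" not in seen:
        findings.append("no broadcast storm-protection threshold set")
    return findings


SAMPLE = [  # constructed command lines, not taken from a real device
    "Switch(config)# security mac-limit",
    "Switch(config)# security mac-limit notification threshold interval 60",
    "Switch(config)# security port-isolation",
    "Switch(config)# security storm-protection broadcast 1000",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```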