UMN:CLI User Manual
V5808
386
8.9 Flood Guard
Flood guard limits number of packets, how many packets can be transmitted, in
configured bandwidth, whereas Rate limit controls packets through configuring width of
bandwidth, which packets pass through. This function prevents receiving packets more
than configured amount without enlarging bandwidth.
<Rate Limit> <Flood Guard>
Bandwidth
Control
bandwidth
Configure Rate Limit on port
1
2
3
n
: :
n+1
n+2
Configure Flood-guard to
allow packets as many as ‘n’
per a second
‘n’ packets
allowed for
a second
Packets
over thrown
away
Fig. 8.38 Rate Limit and Flood Guard
8.9.1 MAC Flood Guard
MAC flood guard controls the number of incoming packets per second, which have the
same MAC address. Using this function, you can protect malicious attacks such as Denial
of Service (DoS) from unauthorized user.
To configure the MAC flood guard, use the following command.
mac-flood-guard PORTS
<1-6000>
Enables the MAC flood guard on a port by specifying
the number of incoming packets with the same MAC
address per second.
PORTS: port number
1-6000: the number of packets per second
no mac-flood-guard [PORTS]
Disables the MAC flood guard.
To display the configured MAC flood guard, use the following command.
Shows the configured MAC flood guard.
show mac-flood-guard macs
Shows the MAC addresses blocked by the MAC flood
guard.
Occasionally, unknown unicast or multicast traffic is flooded to a switch port because a
MAC address has timed out or has not been learned by the switch.
To Next Page
Loading...