-
Catalyst 6500 Series Software Configuration Guide, 8.7
-
Catalyst 6500 Series Switch Software Configuration Guide (Full-book PDF)
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2/PFC3
-
Configuring MLS
-
Configuring Access Control
-
Configuring NDE
-
Configuring GVRP
-
Configuring MVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Configuring Online Diagnostics
-
Administering the Switch
-
Configuring Redundancy
-
Configuring NSF with SSO MSFC Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring DHCP Snooping and IP Source Guard
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Configuring MAC Authentication Bypass
-
Configuring Web-Based Proxy Authentication
-
Tracking Host Aging
-
Configuring Network Admission Control
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN, RSPAN and the Mini Protocol Analyzer
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Configuring aCEF
-
Configuring MSFC IOS Features
-
Acronyms
-
Table Of Contents
Configuring Broadcast Suppression
Understanding How Broadcast Suppression Works
Configuring Broadcast Suppression on the Switch
Enabling Broadcast Suppression
Disabling Broadcast Suppression
Configuring Broadcast Suppression
This chapter describes how to configure broadcast suppression on the Catalyst 6500 series switches.
Note
For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.
This chapter consists of these sections:
•
•
Understanding How Broadcast Suppression Works
Note
Broadcast suppression prevents the switched ports on a LAN from being disrupted by a broadcast storm on one of the ports. A LAN broadcast storm occurs when the broadcast or multicast packets flood the LAN, creating excessive traffic and degrading the network performance. Errors in the protocol-stack implementation or in the network configuration can cause a broadcast storm.
Broadcast suppression uses filtering that measures the broadcast activity on a LAN over a time period (15264 nsec to ~1 sec) that varies based on the type of line card and speed setting on the port, and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of a specified time period. Broadcast suppression is disabled by default.
Figure 35-1 shows the broadcast traffic patterns on a port over a given period of time. In this example, broadcast suppression occurs between the time intervals T1 and T2 and between T4 and T5. During those time periods, the amount of broadcast traffic exceeded the configured threshold.
Figure 35-1 Broadcast Suppression
The broadcast suppression threshold numbers and the time interval make the broadcast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast packets to pass through.
Broadcast suppression on the Catalyst 6500 series switches is implemented in the hardware. The suppression circuitry monitors the packets passing from a port to the switching bus. Using the Individual/Group bit in the packet destination address, the broadcast suppression circuitry determines if the packet is unicast or broadcast, keeps track of the current count of broadcasts within the time interval, and when a threshold is reached, filters out the subsequent broadcast packets.
Because hardware broadcast suppression uses a bandwidth-based method to measure the broadcast activity, the most significant implementation factor is setting the percentage of the total available bandwidth that can be used by the broadcast traffic. A threshold value of 100 percent means that no limit is placed on the broadcast traffic. By entering the set port broadcast command, you can set up the broadcast suppression threshold value.
Because the packets do not arrive at uniform intervals, the time interval during which the broadcast activity is measured can affect the behavior of broadcast suppression.
On the Gigabit Ethernet ports, you can use the broadcast suppression to filter the multicast and unicast traffic. You can suppress the multicast or unicast traffic separately on a port; both require that you configure broadcast suppression. When you specify a percentage of the total bandwidth to be used for the multicast or unicast traffic, the same limit applies to the broadcast traffic.
Note
Note
Note
Configuring Broadcast Suppression on the Switch
These sections describe how to configure broadcast suppression on the Catalyst 6500 series switches:
•
•
•
Enabling Broadcast Suppression
To enable broadcast suppression for one or more ports, perform this task in privileged mode:
Note
Note
—WS-X6704-10GE
—WS-X6748-SFP
—WS-X6724-SFP
—WS-X6748-GE-TXThis example shows how to enable bandwidth-based broadcast suppression and verify the configuration:
Console> (enable) set port broadcast 3/1-6 75.25%Ports 3/1-6 broadcast traffic limited to 75.25%.On broadcast suppression ports 3/1-6 are configured to drop-packets. Console> (enable) show port broadcast 3Port Broadcast-Limit Multicast Unicast Total-Drop Action-------- --------------- --------- ------- -------------------- ------------3/1 75.25 % - - 0 drop-packets3/2 75.25 % - - 0 drop-packets3/3 75.25 % - - 2 drop-packets3/4 75.25 % - - 0 drop-packets3/5 75.25 % - - 0 drop-packets3/6 75.25 % - - 0 drop-packets3/7 - - - 0 drop-packets..<snip>.Console> (enable)This example shows how to limit the multicast and broadcast traffic to 80 percent for port 1 on
module 2 and verify the configuration:Console> (enable) set port broadcast 2/1 80% multicast enablePort 2/1 broadcast and multicast traffic limited to 80.00%.On broadcast suppression port 2/1 is configured to drop-packets.Console> (enable) show port broadcast 2/1Port Broadcast-Limit Multicast Unicast Total-Drop Action-------- --------------- --------- ------- -------------------- ------------2/1 80.00 % 80.00 % - 0 drop-packetsConsole> (enable)Disabling Broadcast Suppression
To disable broadcast suppression on one or more ports, perform this task in privileged mode:
This example shows how to disable broadcast suppression on one or more ports:
Console> (enable) clear port broadcast 2/1Port 2/1 traffic unlimited.Console> (enable)Enabling the errdisable State
Note
When broadcast, multicast, or unicast suppression occurs, you can configure the ports to either drop the packets or go into the errdisable state. The errdisable state feature can be enabled or disabled on a per-port basis and is disabled by default (the drop-packets option is enabled by default).
Note
To enable the errdisable state on a port, perform this task in privileged mode:
This example shows how to limit the broadcast traffic to 90 percent and error disable the port when broadcast suppression occurs:
Console> (enable) set port broadcast 4/6 90% violation errdisablePort 4/6 broadcast traffic limited to 90.00%.On broadcast suppression port 4/6 is configured to move to errdisabled state.Console> (enable)
Note
Once a port is put into errdisable state, it can be reenabled after a specific timeout interval has expired. Enter the set errdisable-timeout interval command to specify the timeout interval.
Enter the set port errdisable-timeout command to control on a per-port basis whether a port should be enabled after a certain time or continue to be in the errdisabled state once it has been errdisabled.
For more information, see the "Configuring a Timeout Period for Ports in errdisable State" section on page 4-12.
