Storm-control on c6500 switches

Timor_SSS
Level 1

Hi

On our network, we use many c6500 as access layer switches. Every user gets a 1GB port. We decided to limit broadcasts on each port to 100 packets per second or so. We tried to do this with the storm-control command, but the only option for the threshold was setting the port's maximum bandwidth (in percent). There was no PPS option! The big problem is that the minimal threshold is 0.1% (simple math = 10Mbps). That threshold is enormous and useless against broadcast storms. The idea is to shut (err-disable) ports that start broadcast storms.

I know that other Cisco switches such as the c3560 do have the PPS threshold option. Does anyone know whether it can be done on the c6500? Is it an IOS version issue? I've tried to search for this feature on Cisco IOS navigator for 6500 and found NOTHING!

P.S.

We want to limit the broadcasts on layer 2. NO ACLs!!!

Hardware and IOS:

IOS (tm) s3223_rp Software (s3223_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF5, RELEASE SOFTWARE (fc3)

48-port 10/100/1000 RJ45 EtherModules (WS-X6148A-GE-45AF)

Supervisor Engine 32 8GE (WS-SUP32-GE-3B)

Policy Feature Card 3 (WS-F6K-PFC3B )

Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A

2 Replies

Edison Ortiz
Hall of Fame

I'm afraid that's a limitation in the 6500 series at the moment. You have one of the latest versions of the IOS.

For more information on storm control, check out this link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/s1.htm#wp1123081

Have you thought about implementing QoS with the police option?

I'm afraid that QoS policies will skyrocket the CPU in case of a massive attack. Besides, the idea is to shut the "infected" ports, thus limiting the virus distribution. Policing won't be too helpful in this scenario.

Thanks anyway.

Tim.
