I have several Catalyst 6500 (Supervisor 32) aggregation switches with WS-X6148A-GE-TX and WS-X6148-GE-TX line cards.
These line cards do not support storm-control/broadcast suppression. This impacted us badly during a recent spanning tree event.
As it stands, we are at risk of overwhelming control planes with excess broadcast or multicast traffic, and I need to find alternative ways to protect these switches.
I have been researching STP enhancements, and control-plane policing in the folowing documents, and would appreciate advice from engineers who may have had to implement similar workarounds for storm-control in a service provider setting.
* Configuring Denial of Service Protection
* Configuring Control Plane Policing
* Configuring Optional STP Features
So, if we can't mitigate agaisnt STP events using storm-control or broadcast suppression, what might be the best combination of STP enhancements and control plane policing?
For example, it it possible to rate-limit broadcast/mult=icast, STP and ARP on a per VLAN basis? If so, how?