Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
7
Replies

Unicast Packet Storm Blocking on Cat IOS and IOS

mlew
Level 1
Level 1

‎01-20-2004 05:30 PM - edited ‎03-02-2019 01:02 PM

Does the "Storm Control" feature help in blocking sudden attacks from a specific port?

Scenario:

One person in one classroom in one building coming back to a switch (2948 or 2900XL) is flooding the network with zillion bits per second. He has a virus and doesn’t know he is sending that many packets per second and bringing down the entire network. Can I block this traffic with the “Storm Control” feature at the port level (or even the uplink) so it block the port until it reaches a normal threshold again? These are not broadcasts, but unicast packets. Any suggestions are welcome. Thanks you.

Labels:
0 Helpful
7 Replies 7

rsissons
Level 5
Level 5

‎01-20-2004 08:10 PM

Looking at the following document on CCO

http://www.cisco.com/en/US/products/hw/switches/ps607/products_command_reference_chapter09186a008007e90c.html#xtocid1214010

Storm control only works on broadcast traffic.

You can use the port block unicast interface command to block unicast but it does not allow you to set threshholds.

0 Helpful

mlew
Level 1
Level 1
In response to rsissons

‎01-20-2004 10:02 PM

Thank you.

So with "port block unicast" I can block flooding of UNKNOWN packets. However, with virus attacks like the slammer worm on SQL, where a machine floods the newtwork with known unicasts, that commands does not help, right?

What about rate-limiting based on VLANs?

Thanks,

Marcelo

0 Helpful

milan.kulik
Level 10
Level 10
In response to rsissons

‎01-20-2004 11:22 PM

IMHO, your info is obsolete.

It should be possible to control unicast storms with the latest IOS.

See http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/cli/clicmds.htm#xtocid69 for details.

Regards,

Milan

0 Helpful

mlew
Level 1
Level 1
In response to milan.kulik

‎01-21-2004 08:13 AM

would this work with any type of unicasts, including known and unknown packets?

0 Helpful

milan.kulik
Level 10
Level 10
In response to mlew

‎01-21-2004 11:16 PM

I think it should.

If you have any doubts, test it.

Put one switch to a lab network, connect two PCs to it, set an extremly low threshold for unicast storm control, start some traffic between the PCs and observe if unicasts are dropped or not.

Regards,

Milan

0 Helpful

mlew
Level 1
Level 1
In response to milan.kulik

‎01-22-2004 07:11 AM

I tested it, and it does work. Too bad I don't have a feature like this on my 2948/80G swicthes :(

0 Helpful

bw3481
Level 1
Level 1
In response to mlew

‎03-16-2004 11:38 AM

Is there a way to perform the same blocking for a entire switch at once, or from the router ?

Thanks,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents