01-20-2004 05:30 PM - edited 03-02-2019 01:02 PM
Does the "Storm Control" feature help in blocking sudden attacks from a specific port?
Scenario:
One person in one classroom in one building coming back to a switch (2948 or 2900XL) is flooding the network with zillion bits per second. He has a virus and doesnt know he is sending that many packets per second and bringing down the entire network. Can I block this traffic with the Storm Control feature at the port level (or even the uplink) so it block the port until it reaches a normal threshold again? These are not broadcasts, but unicast packets. Any suggestions are welcome. Thanks you.
01-20-2004 08:10 PM
Looking at the following document on CCO
Storm control only works on broadcast traffic.
You can use the port block unicast interface command to block unicast but it does not allow you to set threshholds.
01-20-2004 10:02 PM
Thank you.
So with "port block unicast" I can block flooding of UNKNOWN packets. However, with virus attacks like the slammer worm on SQL, where a machine floods the newtwork with known unicasts, that commands does not help, right?
What about rate-limiting based on VLANs?
Thanks,
Marcelo
01-20-2004 11:22 PM
IMHO, your info is obsolete.
It should be possible to control unicast storms with the latest IOS.
See http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/cli/clicmds.htm#xtocid69 for details.
Regards,
Milan
01-21-2004 08:13 AM
would this work with any type of unicasts, including known and unknown packets?
01-21-2004 11:16 PM
I think it should.
If you have any doubts, test it.
Put one switch to a lab network, connect two PCs to it, set an extremly low threshold for unicast storm control, start some traffic between the PCs and observe if unicasts are dropped or not.
Regards,
Milan
01-22-2004 07:11 AM
I tested it, and it does work. Too bad I don't have a feature like this on my 2948/80G swicthes :(
03-16-2004 11:38 AM
Is there a way to perform the same blocking for a entire switch at once, or from the router ?
Thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide