01-29-2014 01:16 PM - edited 03-07-2019 05:53 PM
Dear Tech Support
I have a Cisco Catalyst 3750X.
I would like to implement the storm control mechanism to avoid downtime, but how does it know when a user is copying a large file over the network, or the user is the victim of an attack FROM his computer to the servers or workstations locally?
I have set up a storm control mechanism with the parameters shown below, but the result is:
- The workstation on port 10 copies 1.3 GB for testing. Every 10 sec on average, it exceeds the upper limit to 680pps, then the port goes into blocking stage, then when it drops to 280pps or so, the port goes into forwarding again (because it went below 580pps).
Questions:
see the config - thank you,
UHA-AMP-R-SwStack01#show storm-control
Interface  Filter State   Upper        Lower        Current
---------  -------------  -----------  -----------  ----------
Gi1/0/10   Forwarding       600 pps      580 pps        0 pps
UHA-AMP-R-SwStack01#
! stackwise function
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
switch 3 provision ws-c3750x-24p
!
....
....
.... Truncated rest of the config
....
....
interface GigabitEthernet1/0/10
 switchport access vlan 21
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 storm-control broadcast level pps 600 580
 storm-control multicast level pps 600 580
 storm-control unicast level pps 600 580
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
end
01-29-2014 01:42 PM
Hello
I personally found setting storm control on bps/pps values a bit time consuming - It does give you more specific control over the interface traffic, but I have found using BW utilization a better option.
What do I need to do to only trigger the trap without blocking the state on that port? - Don't think you can, as this is the default feature of storm control.
Looking at your config, you have enabled SC for all traffic and the action is to send a trap message. This will still prohibit whatever traffic rises above the specified thresholds, but it shouldn't errdisable the port like the SC shutdown action would do. Then I suppose you could specify errdisable recovery to attempt to auto recover the port at a specific time interval anyway.
And why does my processor on the master switch go to 69% when only 2 PCs are connected?
Not sure on this one - How are they connected?
Does this only occur when SC is enabled on the ports?
Is it specific to these two PCs?
Have you checked/changed the cabling?
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
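The blocking/forwarding flapping described in the question, modelled as an added example (not part of the original thread and not Cisco code): a simplified rising/falling threshold state machine fed constructed per-second pps samples, plus the throughput that a 600 pps limit implies at 1500-byte frames. The function names, the sample values and the one-reading-per-second sampling are assumptions.

```python
# Added example: simplified model of storm-control hysteresis (not Cisco code).
# Assumption: the switch compares one pps reading per 1-second interval.

RISING_PPS = 600    # from "storm-control unicast level pps 600 580"
FALLING_PPS = 580


def simulate(samples, rising=RISING_PPS, falling=FALLING_PPS):
    """Return the filter state after each per-second pps sample."""
    state = "Forwarding"
    states = []
    for pps in samples:
        if state == "Forwarding" and pps >= rising:
            state = "Blocking"      # rising threshold reached: this traffic type is dropped
        elif state == "Blocking" and pps < falling:
            state = "Forwarding"    # rate fell below the falling threshold: resume
        states.append(state)
    return states


def pps_to_mbps(pps, frame_bytes=1500):
    """Throughput implied by a pps limit at a given frame size (bytes)."""
    return pps * frame_bytes * 8 / 1_000_000


def transitions(states):
    """Count Forwarding<->Blocking changes, i.e. how often the port flaps."""
    return sum(1 for a, b in zip(states, states[1:]) if a != b)


# Constructed samples: a file copy bursting to 680 pps, then dropping to 280 pps,
# the pattern reported for Gi1/0/10 in the question.
FILE_COPY = [300, 680, 680, 280, 450, 680, 280, 300]

if __name__ == "__main__":
    for pps, st in zip(FILE_COPY, simulate(FILE_COPY)):
        print(f"{pps:>5} pps -> {st}")
    print(f"flaps: {transitions(simulate(FILE_COPY))}")
    print(f"600 pps of 1500-byte frames = {pps_to_mbps(600):.1f} Mbit/s")
```

At full-size frames the 600 pps unicast limit corresponds to roughly 7.2 Mbit/s, so an ordinary file copy on a gigabit access port crosses it almost immediately.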