[c-nsp] port-security + flood blocking?

Kevin Graham mahargk at gmail.com
Tue Sep 13 20:30:49 EDT 2005


On 9/13/05, Alexander Moskalenko <alex at teleportsv.net> wrote:

> interface FastEthernet0/2
>   storm-control broadcast level 1.00
>   storm-control multicast level 1.00
>   storm-control unicast level 2.50

Right, that's storm control. What I'm wondering is whether an
interface can be made ineligible for flooding once it has reached its
port-security max-addrs.

Since port-security implies an administrative maximum on src mac
addresses per port, once that limit is reached it can be assumed that
there are no unlearned addresses behind that port and in turn there is
no reason to flood to it.

(On a related note, is there an 'accounting mac-address' function to
report on the # of packets flooding since the last clearing
by-vlan-by-dstaddr?)
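
The forwarding rule asked about above, as a toy model (an added example, not part of the original post and not a description of any existing IOS feature): unknown unicast is flooded to every port except the ingress port and any port whose port-security address count has reached its maximum. The `Port` and `Switch` classes, the `skip_full` flag and the MAC strings are hypothetical, and the model assumes secure addresses never age out of the forwarding table.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    name: str
    max_addrs: Optional[int] = None            # port-security maximum; None = disabled
    secure: set = field(default_factory=set)   # source MACs learned on this port

    def full(self) -> bool:
        """True once the administrative source-MAC limit has been reached."""
        return self.max_addrs is not None and len(self.secure) >= self.max_addrs


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.cam = {}                          # MAC -> port name (forwarding table)

    def learn(self, src, ingress) -> bool:
        port = self.ports[ingress]
        if src in port.secure:
            return True
        if port.full():
            return False                       # modelled as a violation: frame dropped
        port.secure.add(src)
        self.cam[src] = ingress
        return True

    def forward(self, src, dst, ingress, skip_full=True):
        """Return the egress ports chosen for one unicast frame."""
        if not self.learn(src, ingress):
            return []
        if dst in self.cam:                    # known destination: no flooding
            out = self.cam[dst]
            return [] if out == ingress else [out]
        # Unknown unicast: flood, optionally skipping ports that are already "full",
        # since no unlearned address can sit behind them.
        return sorted(name for name, p in self.ports.items()
                      if name != ingress and not (skip_full and p.full()))


if __name__ == "__main__":
    # Constructed topology: two access ports limited to one MAC, one unrestricted uplink.
    sw = Switch([Port("Fa0/1", 1), Port("Fa0/2", 1), Port("Fa0/3")])
    print(sw.forward("aa", "xx", "Fa0/1"))                   # Fa0/2 still has room
    print(sw.forward("bb", "xx", "Fa0/2"))                   # Fa0/1 is full: skipped
    print(sw.forward("bb", "xx", "Fa0/2", skip_full=False))  # ordinary flooding
```
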


