[c-nsp] Swtich Broadcast/Multicast
Peter Rathlev
prb at sks.aaa.dk
Wed Sep 26 04:27:32 EDT 2007
>>> "Masood Ahmad Shah" <masood at nexlinx.net.pk> 09/25/07 4:12 PM >>>
> I have come to this solution and I hope things will get smooth by
using
> these interface mode commands....
>
> storm-control broadcast level 30 25
> storm-control broadcast level 25 15
>
> what do you guys suggest?
Sounds fine, but remember that "storm-control" blocks the port where the
threshold is reached. So it's not just broadcast/multicast that gets
dropped, all traffic does.
Even though I haven't tried it, I think you should be able to police the
traffic with something like this:
! Access-list 1100 permits multicast og broadcast
access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0100.0000.0000
feff.ffff.ffff
access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff ffff.ffff.ffff
0000.0000.0000
access-list 1100 deny 0000.0000.0000 ffff.ffff.ffff 0000.0000.0000
ffff.ffff.ffff
!
class-map match-any MATCH_MULT_BROAD
match access-group 1100
exit
!
policy-map POLICE_MULT_BROAD
class MATCH_MULT_BROAD
police 5000000 16000 exceed-action drop
exit
!
exit
!
interface GigabitEthernet0/1
service-policy input POLICE_MULT_BROAD
exit
!
That should limit broadcast to 5 mbps, with 16kB bursts allowed. It
doesn't work for SVI's, only for physical interfaces on a 3550. And
there's no threshhold concept in this.
Regards,
Peter Rathlev
Network designer, CCIP
Region Midtjylland
Denmark
More information about the cisco-nsp
mailing list