Chapter 23 Configuring Network Security
Configuring Unicast Flood Protection
This example shows how to enable Unicast RPF
Router(config)# interface gigabitethernet 4/1
Router#
This example shows how to enable Unicast RPF strict checking mode on Gigabit Ethernet port 4/2:
Router(config)# interface gigabitethernet 4/2
Router#
This example shows how to verify the configuration:
Router# show running-config interface gigabitethernet 4/2
Building configuration...
Current configuration : 114 bytes
!
interface GigabitEthernet4/2
 ip address 42.0.0.1 255.0.0.0
 ip verify unicast
end
Router# show running-config interface gigabitethernet 4/1
Building configuration...
Current configuration : 114 bytes
!
interface GigabitEthernet4/1
 ip address 41.0.0.1 255.0.0.0
 ip verify unicast
end
Router#
Configuring Unicast Flood Protection
The unicast flood protection feature protects the system from disruptions caused by unicast flooding. The Cisco 7600 series routers use forwarding tables to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry corresponding to the frame’s destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports within the respective VLAN, which causes flooding. Limited flooding is part of the normal switching process, but continuous flooding can cause adverse performance effects on the network.
When you enable the unicast flood protection feature and the system detects unknown unicast floods exceeding a threshold, it sends an alert that the rate limit has been exceeded, filters the traffic, or shuts down the port generating the floods.
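The lookup-then-flood behavior and the three responses described above can be traced in a small Python model. This is an added example, not Cisco code or router output: the `FloodGuard` class, the port names and the MAC strings are constructed, and counting flooded frames per ingress port per one-second window is an assumption made for illustration (the filter timeout is not modeled).

```python
from collections import defaultdict

class FloodGuard:
    """Toy model: lookup on (VLAN, dst MAC) plus policing of unknown-unicast floods."""
    def __init__(self, limit_fps, action):
        self.limit_fps = limit_fps           # assumed unit: flooded frames per second
        self.action = action                 # "alert", "filter" or "shutdown"
        self.mac_table = {}                  # (vlan, mac) -> port
        self.flood_count = defaultdict(int)  # (second, vlan, ingress port) -> flooded frames
        self.filtered = set()                # (vlan, port) whose unknown unicast is dropped
        self.shut_ports = set()
        self.alerts = set()                  # (second, vlan, port) windows over the limit

    def receive(self, t, vlan, port, src, dst):
        """Process one frame arriving at time t (seconds); return the switch's decision."""
        if port in self.shut_ports:
            return "dropped: port down"
        self.mac_table[(vlan, src)] = port   # source MAC learning
        out = self.mac_table.get((vlan, dst))
        if out is not None:
            return f"forwarded to {out}"     # known destination, no flooding
        if (vlan, port) in self.filtered:
            return "dropped: filtered"
        key = (int(t), vlan, port)
        self.flood_count[key] += 1
        if self.flood_count[key] > self.limit_fps:
            self.alerts.add(key)             # every action raises the alert
            if self.action == "filter":
                self.filtered.add((vlan, port))
                return "dropped: filtered"
            if self.action == "shutdown":
                self.shut_ports.add(port)
                return "dropped: port down"
        return "flooded"                     # sent to all forwarding ports in the VLAN

def run_sample(action, limit_fps=3):
    """Constructed traffic: Gi4/1 sends 6 frames to an unlearned MAC within one second."""
    sw = FloodGuard(limit_fps, action)
    results = [sw.receive(0.1 * i, 100, "Gi4/1", "aa:aa", "ff:01") for i in range(6)]
    # The destination host then transmits, so its MAC is learned and flooding stops.
    sw.receive(1.0, 100, "Gi4/2", "ff:01", "aa:aa")
    results.append(sw.receive(1.1, 100, "Gi4/1", "aa:aa", "ff:01"))
    return results, sw.alerts
```

With `alert` the frames keep flooding and only the alert is recorded; with `filter` later frames to the learned destination are forwarded again, while `shutdown` keeps the port down even after the destination is learned.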
To configure unicast flood protection, perform this task:
| | Command | Purpose |
| Step 1 | Router(config)# [no] | Enables unicast flood protection globally. |
| | timeout alert shutdown} | |
| Step 2 | Router# show | Displays unicast flood protection information. |
Cisco 7600 Series Router Cisco IOS Software Configuration