Allied Telesis 2.6.1 manual Packet Storm Protection, Layer 2 Switching

Packet Storm Protection

The packet storm protection feature allows the user to set limits on the reception rate of broadcast, multicast and destination lookup failure packets. The software allows separate limits to be set for each port, beyond which packets of each type are discarded. The software also allows separate limits to be set for each of the packet types. Which of these options can be implemented depends on the model of switch hardware.

By default, packet storm protection is set to NONE, that is, disabled. It can be enabled, and each of the limits can be set using the command:

SET SWITCH PORT=port-list [BCLIMIT={NONE|limit}] [DLFLIMIT={NONE|limit}] [MCLIMIT={NONE|limit}]

Packet storm protection limits cannot be set for each individual port on the switch, but can be set for each processing block of ports. The processing blocks are sets of 8 ports (e.g. as many as are applicable of ports 1-8, 9-16, 17-24, 25-32, 33-40 and 41-48) and each uplink port is a further processing block. Therefore, a 24-port switch has five processing blocks and a 48-port switch has eight. The two uplink ports are numbered sequentially after the last port, and therefore are 25 and 26 for a 24-port switch, and 49 and 50 for a 48-port switch. Only one limit can be set per processing block, and it then applies to all three packet types. Thus each packet type is either limited to this value or unlimited (NONE).

The BCLIMIT parameter specifies a limit on the rate of reception of broadcast packets for the port(s). The value is a rate in packets per second; broadcast packets received above this rate are discarded. If the value NONE or 0 is specified, packet rate limiting for broadcast packets is turned off. If any other value is specified, the reception of broadcast packets is limited to that number of packets per second. See the note below for important information about packet rate limiting. The default value for this parameter is NONE.

The DLFLIMIT parameter specifies a limit on the rate of reception of destination lookup failure packets for the port. The value is a rate in packets per second; destination lookup failure packets received above this rate are discarded. If the value NONE or 0 is specified, packet rate limiting for destination lookup failure packets is turned off. If any other value is specified, the reception of destination lookup failure packets is limited to that number of packets per second. See the note after the BCLIMIT parameter description for important information about packet rate limiting. The default value for this parameter is NONE. If packet storm protection limits are set on the switch, the PORT parameter must specify complete processing blocks.

A destination lookup failure packet is one for which the switch hardware has no record of the packet's destination address, either the Layer 2 or the Layer 3 address. These packets are passed to the CPU for further processing, so limiting the rate at which they are received may be desirable to improve system performance.
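The following is an added example, not part of the Allied Telesis manual: a pre-flight check that applies the processing-block rules above (complete blocks only, one limit value per block) before building the SET SWITCH PORT command. The function names are hypothetical, and rendering the port list as comma-separated numbers and n-m ranges is an assumption.

```python
# Added example: checks a packet storm protection request against the
# processing-block rules in the text before building SET SWITCH PORT.

def processing_blocks(base_ports):
    """Blocks of 8 ports, plus one block per uplink port (two uplinks)."""
    blocks = [list(range(s, s + 8)) for s in range(1, base_ports + 1, 8)]
    return blocks + [[base_ports + 1], [base_ports + 2]]


def check_request(base_ports, ports, bclimit=None, dlflimit=None, mclimit=None):
    """Return a list of problems; empty means the request is consistent.
    A limit of None or 0 stands for NONE (no rate limiting for that type)."""
    problems = []
    ports = set(ports)
    blocks = processing_blocks(base_ports)
    if not ports:
        problems.append("no ports given")
    unknown = ports - {p for b in blocks for p in b}
    if unknown:
        problems.append("no such port(s): %s" % sorted(unknown))
    for block in blocks:
        hit = ports & set(block)
        if hit and hit != set(block):
            problems.append("ports %s cover only part of block %d-%d"
                            % (sorted(hit), block[0], block[-1]))
    active = {v for v in (bclimit, dlflimit, mclimit) if v}
    if len(active) > 1:
        problems.append("one limit per block, got %s" % sorted(active))
    return problems


def storm_command(base_ports, ports, bclimit=None, dlflimit=None, mclimit=None):
    """Build the command, or raise ValueError listing every problem found."""
    problems = check_request(base_ports, ports, bclimit, dlflimit, mclimit)
    if problems:
        raise ValueError("; ".join(problems))
    chosen = [b for b in processing_blocks(base_ports) if set(b) <= set(ports)]
    # Assumption: port-list accepts comma-separated numbers and n-m ranges.
    spec = ",".join(str(b[0]) if len(b) == 1 else "%d-%d" % (b[0], b[-1])
                    for b in chosen)
    limits = ["%s=%s" % (name, value or "NONE") for name, value in
              (("BCLIMIT", bclimit), ("DLFLIMIT", dlflimit), ("MCLIMIT", mclimit))]
    return "SET SWITCH PORT=%s %s" % (spec, " ".join(limits))


if __name__ == "__main__":
    print(storm_command(24, list(range(1, 9)) + [25], bclimit=1000, dlflimit=1000))
    print(check_request(24, [1, 2, 3], bclimit=1000, mclimit=500))
```

A request that names only ports 1-3, or that asks for 1000 broadcast and 500 multicast packets per second on the same block, is reported before anything is sent to the switch.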

The MCLIMIT parameter specifies a limit on the rate of reception of multicast packets for the port. The value of this parameter represents a per second rate of packet reception above which packets will be discarded, for multicast packets. If the value NONE or 0 is specified, then packet rate limiting for multicast packets is turned off. If any other value is specified, the reception of multicast packets will be limited to that number of packets per second. See the note after

Software Release 2.6.1 C613-02039-00 REV A
