22-4
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter22 Configuring Port-Based Traffic Control
Configuring Protected Ports

Disabling Storm Control

Beginning in privileged EXEC mode, follow these steps to disable storm control:
Configuring Protected Ports
Some applications require that no traffic be forwarded between ports on the same switch so that one
neighbor does not see the traffic generated by another neighbor. In such an environment, the use of
protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these
ports on the switch.
Protected ports have these features:
A protected port does not forward any traffic (unicast, multicast, or br oadcast) to an y oth er port t hat
is also a protected port. Data traffic cannot be forwarded bet wee n pro tec ted po rts at L a yer 2; onl y
control traffic, such as PIM packets, is forwarded because these packets ar e pro cesse d by the CPU
and forwarded in software. All data traffic passing between protected po rts must be fo rward ed
through a Layer 3 device.
Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
Protected ports are supported on 802.1Q trunks.
The default is to have no protected ports defined.
You can configure protected ports on a physical interface or an EtherChannel group. When you enable
protected ports for a port channel, it is enabled for all ports in the port-channel group.
Both LRE interface ports and CPE device ports can be configured as protected ports. When you use a
Cisco 575 LRE CPE or a Cisco 576 LRE 997 CPE device, the cpe protected interface configuration
command is not available.
When you use a Cisco 585 LRE CPE device (which has multiple Ethernet interfaces), the switchport
protected command allows devices on different ports of the same CPE device to exchange data locally.
In some cases, you might want to protect individual CPE device ports. You can do this with the cpe
protected interface configuration command. Devices connected to different ports on the same CPE
device cannot exchange data directly but must forward it through a Lay er 3 device.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the port to configure, and enter interface configuration mode.
Step3 no storm-control {broadcast |
multicast | unicast} level Disable port storm control.
Step4 no storm-control action {shutdown |
trap}Disable the specified storm control action.
Step5 end Return to privileged EXEC mode.
Step6 show storm-control {broadcast |
multicast | unicast}Verify your entries.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.