Chapter 23 Configuring Network Security
Configuring MAC Move Notification
When configuring unicast flood protection, note the following syntax information:
•Use the limit keyword to specify the unicast floods on a per source MAC address and per VLAN basis; valid values are from 1 to 4000 floods per second (fps).
•Use the filter keyword to specify how long to filter unicast flood traffic; valid values are from 1 to 34560 minutes.
•Use the alert keyword to configure the system to send an alert message when frames of unicast floods exceed the flood rate limit.
•Use the shutdown keyword to configure the system to shut down the ingress port generating the floods when frames of unicast floods exceed the flood rate limit.
This example shows how to configure the system to filter unicast flood traffic for 5 minutes and set the flood rate limit to 3000 fps:
Router(config)#
Router # show
Unicast Flood Protection status: enabled
Configuration: |
|
|
|
| |
vlan | Kfps | action | timeout |
| |
| |||||
100 |
| 3 | filter | 5 |
|
Mac filters: |
|
|
|
| |
No. | vlan | souce mac addr. | installed on | time left (mm:ss) | |
Router(config)#
Configuring MAC Move Notification
When you configure MAC move notification, a message is generated when a MAC address moves from one port to another.
Note The MAC address move notification feature does not generate a notification when a new MAC address is added to the CAM or when a MAC address is removed from the CAM.
To configure MAC move notification, perform this task:
| Command | Purpose |
Step 1 |
|
|
Router(config)# [no] | Enables MAC move notification globally. | |
| notification |
|
Step 2 |
|
|
Router# show | Displays MAC move notification information. | |
|
| |
|
|
|
| Cisco 7600 Series Router Cisco IOS Software Configuration |
|
