Switch Feature Overview 65
BPDU Storm Protection: By default, if Spanning Tree Protocol (STP)
bridge protocol data units (BPDUs) are received at a rate of 15pps or
greater for three consecutive seconds on a port, the port will be
diagnostically disabled. The threshold is not configurable.
DHCP Snooping: If DHCP packets are received on a port at a rate that
exceeds 15 pps, the port will be diagnostically disabled. The threshold is
configurable up to 300 pps for up to 15s long using the
ip dhcp snooping
limit
command. DHCP snooping is disabled by default. The default
protection limit is 15 pps.
Dynamic ARP Inspection: By default, if Dynamic ARP Inspection packets
are received on a port at a rate that exceeds 15 pps for 1 second, the port
will be diagnostically disabled. The threshold is configurable up to 300pps
and the burst is configurable up to 15s long using the
ip arp inspection
limit
command.
Spanning tree: Spanning tree will diagnostically disable an interface when
it is unable to update the internal state of the interface for more than 90
seconds or when the internal message buffer for an interface overflows.
SFP+ transceivers: SFP+ transceivers are not compatible with SFP slots
(M3024F front panel ports). To avoid damage to SFP+ transceivers
mistakenly inserted into SFP ports, the SFP port is diagnostically disabled
when an SFP+ transceiver is detected.
ICMP storms: Ports on which ICMP storms are detected are diagnostically
disabled. The rate limit and burst sizes are configurable separately for IPv4
and IPv6.
A port that is diagnostically disabled may be returned to service using the no
shut command.
Captive Portal
The Captive Portal feature blocks clients from accessing the network until
user verification has been established. When a user attempts to connect to
the network through the switch, the user is presented with a customized Web
page that might contain username and password fields or the acceptable use
policy. You can require users to be authenticated by a local or remote RADIUS
database before access is granted.
For information about configuring the Captive Portal features, see "Captive
Portal" on page543.