1. Protected Ports
- Also known as Private VLAN Edge
- Protected port cannot switch traffic to other protected ports at L2
- unicast, broadcast and multicast.
- except control plane packets
- Locally significant
- Configuration
int eth 0/1
switchport protected
2. Port Blocking
- each switchport forwards multicast and unknown unicast by default
- Protected port on unprotected
- this default is changed with port blocking
int eth 0/1
switchport block multicast
# or
switchport block unicast
3. Storm Control
- Also known as traffic suppression
- L2 traffic rate-limiting technique for unicast, multicast and broadcast.
- packets per traffic type are counted in 1-second intervals; traffic above the threshold limit is dropped.
- Does not affect control plane traffic (BPDU, CDP, etc.)
- Configuration
storm-control [multicast|unicast|broadcast] level [bps|pps] <value>
storm-control action [shutdown|trap]
- Notes
- low and high thresholds can be set
- the same level keyword takes a percentage of interface bandwidth
- for pps/bps values, kilo (k), mega (m), and giga (g) suffixes can be used.
4. Protocol Storm Protection
- control plane rate-limit mechanism
- ARP
- DHCP
- IGMP
- Configuration
# global config
psp [arp|dhcp|igmp] pps <value>
- packets exceeding the rate will be dropped for 30 seconds
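Added example (not part of the original notes): a small Python audit that checks each interface block of a running-config for the per-port commands from sections 1 to 3. The sample config is constructed, and the baseline that every port should carry all five commands is an assumed policy, not a vendor requirement.

```python
import re

# Constructed sample running-config for illustration (not from the original notes).
SAMPLE_CONFIG = """\
interface Ethernet0/1
 switchport protected
 switchport block multicast
 switchport block unicast
 storm-control broadcast level 5.00 2.00
 storm-control action shutdown
!
interface Ethernet0/2
 switchport protected
 storm-control broadcast level pps 1k
!
interface Ethernet0/3
 switchport mode access
"""

# Assumed baseline: label -> pattern for each per-interface command in the notes.
CHECKS = {
    "protected": r"^switchport protected$",
    "block multicast": r"^switchport block multicast$",
    "block unicast": r"^switchport block unicast$",
    "storm-control broadcast": r"^storm-control broadcast level \S+",
    "storm-control action": r"^storm-control action (shutdown|trap)$",
}

def parse_interfaces(config):
    """Split a running-config into {interface name: [stripped sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit(config):
    """Return {interface: [labels of missing commands]}; an empty list means compliant."""
    return {name: [label for label, pat in CHECKS.items()
                   if not any(re.match(pat, c) for c in cmds)]
            for name, cmds in parse_interfaces(config).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Ports with a non-empty list are missing the named commands under the assumed baseline; adjust CHECKS to match the policy actually in force.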
