OL-11615-01
To configure MAC address monitoring on a Catalyst 6500 switch running Cisco IOS, perform the
following steps:
Step 1 Enable MAC address monitoring globally using the mac-address-table limit command. To
change the default global configuration, use the following command options. The maximum keyword
specifies the maximum number of MAC entries allowed per VLAN per EARL; valid values are from 5 to
32000 MAC address entries. Use the action keyword to specify the action to be taken when the
maximum threshold is exceeded (warning, limit, or shutdown). Setting the action to warning means
that one syslog message will be sent and no further action will be taken. Setting the action to
limit means that one syslog message will be sent and/or a corresponding trap will be generated.
Finally, setting the action to shutdown means that one syslog message will be sent and/or the VLAN
is moved to the blocked state. The notification mechanism can also be set by using the notification
keyword. Use trap for traps, syslog for syslog messages, or both for both traps and syslog
messages.
Router(config)# mac-address-table limit [maximum num] [action {warning | limit | shutdown}] [notification {syslog | trap | both}]
Step 2 Optionally, enable the monitoring of MAC addresses on a per-port or per-VLAN basis using the
mac-address-table limit command. When using the maximum and action keywords, follow the same
guidelines given in the previous step. Use the flood keyword to enable unknown unicast flooding on a
VLAN (this is enabled by default).
Router(config)# mac-address-table limit [{vlan vlan} | {interface type mod/port}] [maximum num] [action {warning | limit | shutdown}] [flood]
This example shows how to enable MAC address monitoring globally and on a per-VLAN basis. MAC
address monitoring is enabled on VLAN 10 with a maximum threshold of 500 MAC addresses. The
system is set to shut down VLAN 10 when the maximum threshold is exceeded.
Router(config)# mac-address-table limit
Router(config)#
Router(config)# mac-address-table limit vlan 10 maximum 500 action shutdown
Router(config)#
For more information on how to configure MAC address monitoring on Catalyst 6500 running Cisco
IOS, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/i1.htm#wp1643725
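The following audit script is an added example, not part of the original Cisco document. It checks mac-address-table limit lines from a saved configuration against the rules in Steps 1 and 2 (global enablement, the 5 to 32000 range, the three actions). It assumes the commands are stored in the same form in which they are entered above; the names audit, LIMIT_RE and SAMPLE are hypothetical, and all sample lines other than the two from the example above are constructed.

```python
import re

VALID_ACTIONS = {"warning", "limit", "shutdown"}
MAX_RANGE = (5, 32000)  # valid "maximum" values stated in Step 1

# Both command forms from Steps 1 and 2; every keyword is optional.
LIMIT_RE = re.compile(
    r"^mac-address-table limit"
    r"(?:\s+vlan\s+(?P<vlan>\d+)|\s+interface\s+(?P<intf>\S+(?:\s+\d+/\d+)?))?"
    r"(?:\s+maximum\s+(?P<maximum>\d+))?"
    r"(?:\s+action\s+(?P<action>\S+))?"
    r"(?:\s+notification\s+(?P<notification>\S+))?"
    r"(?P<flood>\s+flood)?$"
)

# Constructed sample: the first two lines are the example above, the rest are made up.
SAMPLE = """\
mac-address-table limit
mac-address-table limit vlan 10 maximum 500 action shutdown
mac-address-table limit vlan 20 maximum 40000 action limit
mac-address-table limit interface gigabitethernet 3/1 maximum 100 action warning
"""

def audit(config):
    """Return (entries, findings) for the mac-address-table limit lines in config."""
    entries, findings = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if not line.startswith("mac-address-table limit"):
            continue
        m = LIMIT_RE.match(line)
        if m is None:
            findings.append(f"unparsed line: {line}")
            continue
        e = m.groupdict()
        e["scope"] = (f"vlan {e['vlan']}" if e["vlan"] else
                      f"interface {e['intf']}" if e["intf"] else "global")
        entries.append(e)
        if e["maximum"] and not MAX_RANGE[0] <= int(e["maximum"]) <= MAX_RANGE[1]:
            findings.append(f"{e['scope']}: maximum {e['maximum']} outside 5-32000")
        if e["action"] and e["action"] not in VALID_ACTIONS:
            findings.append(f"{e['scope']}: unknown action {e['action']}")
        elif e["action"] == "warning":
            findings.append(f"{e['scope']}: warning sends one syslog message, no further action")
    if not any(e["scope"] == "global" for e in entries):
        findings.append("global: mac-address-table limit is not enabled (Step 1)")
    return entries, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```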
Traffic Storm Control
Traffic Storm Control is a feature that is available on the Catalyst 6500 and 4500 Series switches to help
mitigate DoS and other attacks that generate large volumes of packets, resulting in traffic storms. When
a traffic storm occurs, the network is flooded with packets, creating excessive traffic and degrading
network performance. The traffic storm control feature (also called traffic suppression) prevents LAN
ports from being disrupted by a traffic storm on physical interfaces.
Traffic storm control monitors incoming traffic levels over a 1-second traffic storm control interval and,
during the interval, compares the traffic level with the traffic storm control level that you configure. The
traffic storm control level is a percentage of the total available bandwidth of the port. Each port has a
single traffic storm control level that is used for all types of traffic (broadcast, multicast, and unicast).