Interpretation of basic configuration of switch

2025-04-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

conf t

service timestamps debug datetime localtime #Mark DEBUG messages with local time (add msec after datetime for millisecond precision)

service timestamps log datetime localtime #Mark log messages with local time (add msec after datetime for millisecond precision)

hostname xxxxxxxxxxxxxxxx

enable secret xxxxxxxxxxxxxx

vtp mode transparent #VTP mode is transparent (unlike client mode, the switch does not automatically learn VLANs from a VTP server)

errdisable recovery cause all #Automatically recover ports from every err-disable cause

vlan 10

interface range fa0/1 - 48 #Configure 100 Mb ports 1-48 in access mode

switchport access vlan 10

switchport mode access

no shut

exit

interface range g0/1 - 2 #Configure Gigabit ports 1-2 in trunk mode

des Con_to_JSMA-MDF-3750X

switchport mode trunk

no shut

exit

interface Vlan1 #Shut down the VLAN 1 interface

shutdown

interface Vlan254

ip address 10.8.254.4 255.255.255.0

no shut

exit

ip default-gateway 10.8.254.254 #Set default gateway

line vty 0 15 #Lines 0-15: up to 16 simultaneous remote logins allowed

pass jsmaadmin@itservice

exit

exit

cop run sta

switchport port-security #Turn on port security (this and the following commands are entered in interface configuration mode)

no logging event link-status #Do not log link up/down events

storm-control broadcast level 0.80 #Protective measures start when broadcast traffic reaches 0.80% of port bandwidth (0.8 Mb/s on a 100 Mb port)

storm-control action shutdown #Port will be placed in error-disable

storm-control action trap #Send an SNMP trap message

spanning-tree portfast #Port goes directly into the forwarding state

spanning-tree bpdufilter enable #Port neither sends nor receives BPDUs

spanning-tree guard root #Enable root guard

Note 1

This is for access ports. A normal switch interface going from down to up passes through several states (down, listening, learning, forwarding), taking 30 seconds in total, to determine whether the port should be blocking or forwarding; this is also the switch's loop-prevention mechanism. However, interfaces that connect directly to terminal devices such as PCs do not need to go through these steps and can enter the forwarding state directly from down.

Basic configuration method:

Sw1(config)#spanning-tree portfast default

It is generally used in switches at the access layer.

Sw1(config-if)#spanning-tree portfast (enabled separately on one port)

Sw1(config-if)#spanning-tree portfast disable (disabled on one port, usually a port connected to another switch)

Note 2

storm-control is configured to take protective measures (such as shutting down the port or sending SNMP trap messages) when unicast, multicast, or broadcast data frames entering the switch from a port exceed a set value.

The switch counts the frames of each type (unicast, multicast, broadcast) entering a port every 1 second and compares the count with the suppression threshold set for that port.

[Configuration]

int f0/1

storm-control action {shutdown | trap}: sets the action taken by the port when a storm is detected (shutdown puts the port into error-disable; trap generates an SNMP trap message)

storm-control broadcast level [percentage at which suppression starts] [percentage at which forwarding resumes]: a storm is declared when broadcast traffic reaches this percentage of the port bandwidth

storm-control multicast level [percentage at which suppression starts] [percentage at which forwarding resumes]: a storm is declared when multicast traffic reaches this percentage of the port bandwidth

storm-control unicast level [percentage at which suppression starts] [percentage at which forwarding resumes]: a storm is declared when unicast traffic reaches this percentage of the port bandwidth

storm-control broadcast level bps [bandwidth at which suppression starts] [bandwidth at which forwarding resumes]: a storm is declared when broadcast traffic reaches this bps value (i.e. bandwidth)

storm-control multicast level bps [bandwidth at which suppression starts] [bandwidth at which forwarding resumes]: a storm is declared when multicast traffic reaches this bps value (i.e. bandwidth)

storm-control unicast level bps [bandwidth at which suppression starts] [bandwidth at which forwarding resumes]: a storm is declared when unicast traffic reaches this bps value (i.e. bandwidth)

storm-control broadcast level pps [packets per second at which suppression starts] [packets per second at which forwarding resumes]: a storm is declared when broadcast traffic reaches this pps value (i.e. number of packets per second)

storm-control multicast level pps [packets per second at which suppression starts] [packets per second at which forwarding resumes]: a storm is declared when multicast traffic reaches this pps value (i.e. number of packets per second)

storm-control unicast level pps [packets per second at which suppression starts] [packets per second at which forwarding resumes]: a storm is declared when unicast traffic reaches this pps value (i.e. number of packets per second)

Note: The resume parameter is optional; if it is not configured, it equals the value at which suppression starts.

-----------------

Examples:

interface FastEthernet0/1

switchport mode access

storm-control broadcast level 30.00 20.00

storm-control action shutdown

!

interface FastEthernet0/2

switchport mode access

storm-control unicast level pps 100k

storm-control action trap (check whether your IOS version supports it)

!

interface FastEthernet0/3

switchport mode access

storm-control multicast level 60.00 50.00
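The two-threshold behaviour described in Note 2, as an added example that is not part of the original article: a simplified model of one traffic type on one port, sampled once per second. The function name `storm_control`, the state names and the sample traffic values are assumptions made for illustration; the 30/20 thresholds match the Fa0/1 example above.

```python
def storm_control(samples, rising, falling=None, action="filter"):
    """Return the port state after each 1-second sample (percent of bandwidth).

    Simplified model: suppression starts when traffic reaches the rising
    threshold and ends only when it drops below the falling threshold.
    """
    if falling is None:
        falling = rising              # omitted falling threshold equals rising
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    state, states = "Forwarding", []
    for pct in samples:
        if state == "err-disabled":
            pass                      # stays down until recovered (errdisable recovery)
        elif state == "Forwarding" and pct >= rising:
            state = "err-disabled" if action == "shutdown" else "Blocking"
        elif state == "Blocking" and pct < falling:
            state = "Forwarding"
        states.append(state)
    return states


# Constructed per-second broadcast load, in percent of port bandwidth.
TRAFFIC = [5, 35, 25, 19, 10]

if __name__ == "__main__":
    print(storm_control(TRAFFIC, 30.0, 20.0))            # level 30.00 20.00
    print(storm_control(TRAFFIC, 30.0))                  # level 30.00 only
    print(storm_control(TRAFFIC, 30.0, 20.0, "shutdown"))
```

With both thresholds the port stays suppressed at 25% and recovers only at 19%; with the single threshold it recovers as soon as traffic falls under 30%.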

[View]

1) Use the command show storm-control broadcast to view storm control information for broadcast frames on this switch.

SW#show storm-control broadcast

Interface Filter State Upper Lower Current

--------- ------------- ----------- ----------- ----------

Fa0/1 Forwarding 30.00% 20.00% 0.00%

2) Use the command show storm-control multicast to view storm control information for multicast frames on this switch.

SW#show storm-control multicast

Interface Filter State Upper Lower Current

--------- ------------- ----------- ----------- ----------

Fa0/3 Forwarding 60.00% 50.00% 0.00%

3) Use the command show storm-control unicast to view storm control information for unicast frames on this switch.

SW2#show storm-control unicast

Interface Filter State Upper Lower Current

--------- ------------- ----------- ----------- ----------

Fa0/2 Forwarding 100k pps 100k pps 0 pps

Note: The show storm-control command on its own has the same effect as show storm-control broadcast. Only the storm control information for broadcast frames on this switch is shown.

4) Use the command show storm-control [interface name] {broadcast | multicast | unicast}

For example:

SW1#show storm-control

Storm control: broadcastthreshold 40 with default packet-size 64

View storm control information set on a port for broadcast/multicast/unicast

Note 3

PortFast:

Used on access ports; the port bypasses the listening and learning states and goes directly into the forwarding state, saving 30 seconds.

spanning-tree portfast {disable | trunk} (Cisco proprietary)

Because it is an access port, it will not receive BPDUs under normal circumstances. If BPDUs are received, STP will turn this port to blocking state.

global command

spanning-tree portfast bpduguard default: when a port receives BPDUs, STP shuts the port down, which protects the port better.

spanning-tree portfast bpdufilter default: "default" means all interfaces; when a port receives a BPDU, STP changes it to a normal port that is no longer a PortFast port.

View with show spanning-tree summary totals

UplinkFast:

Used on redundant links. When the active link breaks, the backup link bypasses the listening and learning states and enters the forwarding state directly, saving 30 seconds. If the original connection is restored, the switch waits for 2 times the forwarding delay plus 5 seconds before switching the port to the forwarding state. This gives adjacent ports time to transition from the listening and learning states to the forwarding state.

spanning-tree uplinkfast (cisco proprietary)

BackboneFast:

When a switch receives a bad BPDU on a blocked port, it queries the root switch and finds that the network has changed. It immediately switches the blocked port to the listening state instead of waiting for Max Age, saving 20 seconds.

spanning-tree backbonefast (Cisco proprietary)

Root guard:

(config-if)#spanning-tree guard root: enables root guard. The port can only forward BPDUs, not receive them; it is prohibited from becoming a root port and enters the blocking state when it receives superior BPDUs. It is used to prevent a newly added switch with a lower priority from becoming the root bridge. To protect the existing root switch, configure spanning-tree guard root on the switch port connecting the newly added switch; the port is then blocked automatically. Use show spanning-tree inconsistentports to view ports blocked by root guard.

BPDUguard:

global command

(config)#spanning-tree portfast {bpduguard | bpdufilter} default: BPDU guard is enabled automatically on ports with PortFast enabled. Once enabled, a port that receives BPDUs enters the errdisable state and is shut down, so it should not be enabled on uplink ports.

Interface: spanning-tree bpduguard {enable | disable}, spanning-tree bpdufilter {enable | disable}. A loop may occur if BPDUs are not sent or received on the interface.

All of these can be configured in both global mode and interface mode, and interface configuration overrides global configuration. There is also loop guard; who can give a summary?!
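A configuration check for the interface-level settings discussed above, added here as an example and not part of the original article: it flags ports where bpdufilter is enabled (the loop risk noted above), where root guard is combined with bpdufilter so it never sees the superior BPDUs it reacts to, and where BPDU guard sits on a trunk uplink. The sample config, function names and finding codes are constructed for illustration.

```python
import re

# Constructed sample config (illustrative, not the article's switch).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree bpduguard enable
!
"""

def interfaces(config):
    """Split an IOS-style config into {interface name: [commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))   # normalise whitespace
        else:
            current = None        # "!" or a global command ends the stanza
    return stanzas

def audit(config):
    """Return sorted (interface, finding code) pairs for risky STP settings."""
    findings = []
    for name, cmds in interfaces(config).items():
        bpdufilter = "spanning-tree bpdufilter enable" in cmds
        if bpdufilter:            # no BPDUs sent or received: loop possible
            findings.append((name, "BPDUFILTER_LOOP_RISK"))
        if bpdufilter and "spanning-tree guard root" in cmds:
            findings.append((name, "ROOT_GUARD_BLINDED"))
        if "switchport mode trunk" in cmds and "spanning-tree bpduguard enable" in cmds:
            findings.append((name, "BPDUGUARD_ON_TRUNK"))
    return sorted(findings)

if __name__ == "__main__":
    for name, code in audit(SAMPLE):
        print(name, code)
```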
