Storm Control 测试

storm-control 可以用来控制网络中报文发送数量，防止数据风暴产生，在思科 Catalyst 3560 上测试了一下，利用 WinARPAttacker 产生 ARP 广播，其速率超过接口设定的门限值。利用这一点，可以在思科交换机上实现对一些网络攻击起到防范作用。

配置、现象如下：

SW3560(config-if)#storm-control ?
action Action to take for storm-control
broadcast Broadcast address storm control
multicast Multicast address storm control
unicast Unicast address storm control

SW3560#show running-config int f0/10
Building configuration…
Current configuration : 153 bytes
!
interface FastEthernet0/10
switchport mode access
storm-control broadcast level pps 10 2
storm-control action shutdown
spanning-tree portfast
end

04:15:28: %PM-4-ERR_DISABLE: storm-control error detected on Fa0/10, putting Fa0/10 in err-disable state
04:15:28: %STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Fa0/10. The interface has been disabled.
04:15:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to down
04:15:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
04:15:30: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to down

04:15:58: %PM-4-ERR_RECOVER: Attempting to recover from storm-control err-disable state on Fa0/10
04:16:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
04:16:01: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up
04:16:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up

No related posts.