This chapter describes how to configure protocol filtering on Ethernet, Fast Ethernet, and Gigabit Ethernet ports on the Catalyst enterprise LAN switches. The configuration tasks in this chapter apply to Ethernet, Fast Ethernet, and Gigabit Ethernet switch ports on switching modules and fixed-configuration switches, as well as to supervisor engine Fast and Gigabit Ethernet uplink ports.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference publication for your switch.
This chapter consists of these sections:
Protocol filtering prevents certain protocol traffic from being forwarded out switch ports. Broadcast and unicast flood traffic is filtered based on the membership of ports in different protocol groups. This filtering is in addition to the filtering provided by port-VLAN membership. Protocol filtering is supported only on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports.
Filtering is not performed on trunk ports. Trunk ports are always members of all protocol groups. Layer 2 protocols, such as Spanning-Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by protocol filtering. Dynamic VLAN ports and ports that have port security enabled are members of all protocol groups.
You can configure a port with any one of these modes for each protocol group: on, off, or auto. If the configuration is set to on, the port receives all the flood traffic for that protocol. If the configuration is set to off, the port does not receive any flood traffic for that protocol.
If the configuration is set to auto, a port becomes a member of the protocol group only after the device connected to the port transmits packets of the specific protocol group. The switch detects the traffic, adds the port to the protocol group, and begins forwarding flood traffic for that protocol group to that port. Autoconfigured ports are removed from the protocol group if the attached device does not transmit packets for that protocol within 60 minutes. Ports are also removed from the protocol group when the supervisor engine detects that the link is down on the port.
For example, if a host that supports both IP and Internetwork Packet Exchange (IPX) is connected to a switch port configured as auto for IPX, and the host is transmitting only IP traffic, the port to which the host is connected will not forward any IPX flood traffic to the host.
However, if the host transmits an IPX packet, the supervisor engine software detects the protocol traffic and the port is added to the IPX group, allowing the port to receive IPX flood traffic. If the host does not send any IPX traffic for more than 60 minutes, the port is removed from the IPX protocol group.
By default, ports are configured to on for the IP protocol group. Typically, you should configure a port to auto for IP only if an end station is directly connected to the port. The default port configuration for IPX and Group is auto.
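The membership rules above (on, off, auto, the 60-minute age-out, and removal on link down) can be modeled to check which ports would receive flood traffic for a protocol. This is an added example, not Cisco code; `Port`, `all_groups`, and `ipx_host_timeline` are hypothetical names, and `all_groups` is an assumed flag standing in for trunk, dynamic VLAN, and port-security ports.

```python
from dataclasses import dataclass, field

AGE_OUT = 60 * 60  # seconds; the page gives 60 minutes for auto members


@dataclass
class Port:
    # Defaults from the page: ip on, ipx auto, group auto.
    modes: dict = field(default_factory=lambda: {"ip": "on", "ipx": "auto", "group": "auto"})
    all_groups: bool = False  # assumption: trunk, dynamic VLAN, or port-security port
    last_seen: dict = field(default_factory=dict)  # protocol -> time host last sent it

    def host_sent(self, proto, now):
        """The attached device transmitted a packet of this protocol group."""
        self.last_seen[proto] = now

    def link_down(self):
        """Link loss drops every autoconfigured membership."""
        self.last_seen.clear()

    def receives_flood(self, proto, now, filtering_enabled=True):
        """True if flood traffic for proto is forwarded out this port."""
        if not filtering_enabled or self.all_groups:
            return True  # only port-VLAN membership applies
        mode = self.modes[proto]
        if mode != "auto":
            return mode == "on"
        seen = self.last_seen.get(proto)
        return seen is not None and now - seen <= AGE_OUT


def ipx_host_timeline():
    """Constructed scenario: dual-stack host on a port left at its defaults."""
    port, t = Port(), 0
    results = [port.receives_flood("ipx", t)]  # host has sent only IP so far
    port.host_sent("ipx", t)
    results.append(port.receives_flood("ipx", t + 60))  # joined after first IPX packet
    results.append(port.receives_flood("ipx", t + AGE_OUT + 1))  # silent too long
    port.host_sent("ipx", t + 2 * AGE_OUT)
    port.link_down()
    results.append(port.receives_flood("ipx", t + 2 * AGE_OUT + 1))  # link went down
    return results


if __name__ == "__main__":
    print(ipx_host_timeline())
```
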
On the Catalyst 5000 family and 2926G series switches, packets are classified into the following protocol groups:
On the Catalyst 4000 family, 2948G, and 2980G switches, packets are classified into the following protocol groups:
Protocol filtering requires the following hardware and software versions:
Table 20-1 shows the default protocol filtering configuration.
| Feature | Default Value |
|---|---|
| Protocol filtering | Disabled |
| ip mode | on |
| ipx mode | auto |
| group mode | auto |
These sections describe how to configure protocol filtering on Ethernet, Fast Ethernet, and Gigabit Ethernet ports:
To configure protocol filtering on Ethernet, Fast Ethernet, and Gigabit Ethernet ports, perform this task in privileged mode:
Task | Command | |
|---|---|---|
This example shows how to enable protocol filtering, set the protocol membership of ports, and verify the configuration:
```
Console> (enable) set protocolfilter enable
Protocol filtering enabled on this switch.
Console> (enable) set port protocol 7/1-4 ip on
IP protocol set to on mode on ports 7/1-4.
Console> (enable) set port protocol 7/1-4 ipx off
IPX protocol disabled on ports 7/1-4.
Console> (enable) set port protocol 7/1-4 group auto
Group protocol set to auto mode on ports 7/1-4.
Console> (enable) show port protocol 7/1-4
Port     Vlan       IP       IP Hosts IPX      IPX Hosts Group    Group Hosts
-------- ---------- -------- -------- -------- --------- -------- -----------
7/1      4          on       1        off      0         auto-off 0
7/2      5          on       1        off      0         auto-on  1
7/3      2          on       1        off      0         auto-off 0
7/4      4          on       1        off      0         auto-on  1
Console> (enable)
```
To disable protocol filtering, perform this task in privileged mode:
Task | Command |
|---|---|
This example shows how to disable protocol filtering:
```
Console> (enable) set protocolfilter disable
Protocol filtering disabled on this switch.
Console> (enable)
```
Posted: Tue Aug 8 17:20:37 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.