Fujitsu XG2000 Switch User Manual


 
XG2000 series User's Guide
All Rights Reserved, Copyright (C) PFU LIMITED 2009
4.1.5 Storm Control
The device discards broadcast frames when the number of received broadcast frames exceeds a given threshold, to prevent
unnecessary waste of bandwidth caused by broadcast frames retained on the network. This function is called "Storm Control".
Storm control can be configured for each port.
When broadcast frames are discarded by storm control, error logs are output, and storm control logging is disabled. To
re-enable logging, these violations must be cleared with "clear violation".
To configure storm control, carry out the following procedures in the administrator EXEC mode.
Command                                 Task
xg# configure terminal                  Switch to global configuration mode.
xg(config)# interface port 1 2 3        Switch to the interface edit mode to specify the port(s) to be
xg(config)# interface port range 1 3    configured for storm control.
                                        In this example, the global interface configuration mode is
                                        selected for ports 1 through 3.
xg(config-if)# storm-control            Enable storm control.
xg(config-if)# exit                     Exit to global configuration mode.
xg(config)# exit                        Exit to administrator EXEC mode.
4.1.6 Port Security
Port security blocks connections attempted by unregistered hosts. When a host MAC address is registered, the device
receives only those frames that use registered source addresses.
Port security can be configured for each port. To register a MAC address for a host, use the "bridge mac-address-table
static" command. The port to which the host is connected must be registered as a member port. In Independent VLAN Learning
mode, this must be done for all VLANs that permit transmission.
Either of the following two modes can be specified for handling a security-violating (unregistered) frame that the device receives.
Restrict mode
    Filters violating frames only, forwarding permitted frames.
Shutdown mode
    Filters all frames upon reception of a violating frame, and the port goes link down.
Once a security violation is detected, an error log is recorded. Further violating frames do not cause an error log to
be recorded until security violations are reset by "clear violation".
To configure port security, carry out the following procedures in the administrator EXEC mode.
Command                                                       Task
xg# configure terminal                                        Switch to global configuration mode.
xg(config)# interface port 1 2 3                              Switch to the interface edit mode to specify the port(s) to be
xg(config)# interface port range 1 3                          configured for port security.
                                                              In this example, the global interface configuration mode is
                                                              selected for ports 1 through 3.
xg(config-if)# port-security violation {restrict | shutdown}  Enable Port Security.
xg(config-if)# exit                                           Exit to global configuration mode.
xg(config)# exit                                              Exit to administrator EXEC mode.
xg# clear violation all                                       Clear security violations.
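The following Python model is an added example, not code from the manual or the device firmware. It replays constructed frames through the restrict and shutdown behaviours described above, including the single error log recorded until "clear violation" is issued. The names SecuredPort and replay are hypothetical, and the model assumes "clear violation" only re-arms logging, because the manual does not state its effect on a port that has gone link down.

```python
from dataclasses import dataclass, field


@dataclass
class SecuredPort:
    """Toy model of one port with port security enabled (not device firmware)."""
    mode: str                                     # "restrict" or "shutdown"
    registered: set = field(default_factory=set)  # static (vlan, mac) entries
    link_up: bool = True
    violation_latched: bool = False               # set by the first violation
    error_log: list = field(default_factory=list)

    def receive(self, vlan: int, src_mac: str) -> bool:
        """Return True if the frame is accepted, False if it is filtered."""
        if not self.link_up:
            return False                          # shutdown mode already tripped
        if (vlan, src_mac.lower()) in self.registered:
            return True
        # Unregistered source address on this VLAN: security violation.
        if not self.violation_latched:            # only the first one is logged
            self.error_log.append(f"violation vlan={vlan} src={src_mac}")
            self.violation_latched = True
        if self.mode == "shutdown":
            self.link_up = False                  # every later frame is filtered
        return False

    def clear_violation(self) -> None:
        """Model of "clear violation". Assumption: it only re-arms logging."""
        self.violation_latched = False


def replay(mode: str):
    """Replay constructed traffic; return (accept flags, logs before clear,
    logs after clear plus one more violating frame, final link state)."""
    # Constructed sample MACs from the documentation range 00:00:5e:00:53:xx.
    known = "00:00:5e:00:53:01"
    rogue1, rogue2 = "00:00:5e:00:53:aa", "00:00:5e:00:53:bb"
    port = SecuredPort(mode=mode, registered={(10, known)})
    results = [port.receive(10, m) for m in (known, rogue1, known, rogue2)]
    logged_before_clear = len(port.error_log)
    port.clear_violation()
    port.receive(10, rogue2)
    return results, logged_before_clear, len(port.error_log), port.link_up


if __name__ == "__main__":
    for mode in ("restrict", "shutdown"):
        print(mode, replay(mode))
```

In both modes the second unregistered host produces no log entry until the violation is cleared, so the error log alone undercounts violating hosts between clears.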
4.1.7 Ingress Rate Control
An ingress rate-limiting value can be set for each port in increments of approximately 40 Mbps.
To set an ingress rate-limiting value, carry out the following procedures in the administrator EXEC mode.
Command                                      Task
xg# configure terminal                       Switch to global configuration mode.
xg(config)# interface port 1 2 3             Switch to the interface edit mode to specify the port(s) to be
xg(config)# interface port range 1 3         configured for ingress rate control.
                                             In this example, the global interface configuration mode is
                                             selected for ports 1 through 3.
xg(config-if)# ingress-bandwidth <40-10000>  Specify an ingress rate limiting value.
xg(config-if)# exit                          Exit to global configuration mode.
xg(config)# exit                             Exit to administrator EXEC mode.
- The ingress rate is measured at 100 µs time intervals. If burst transfers take place at intervals of 100 µs or longer,
  the ingress rate the device actually allows may be less than the specified value.