Configuring Port Blocking; Blocking Flooded Traffic On An Interface - Cisco Catalyst 2950 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (544 pages)
Table of Contents
Advertisement
Chapter 21
Configuring Port-Based Traffic Control
Configuring Port Blocking
By default, the switch floods packets with unknown destination MAC addresses to all ports. If unknown
unicast and multicast traffic is forwarded to a protected port, there could be security issues.
To prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
configure a port (protected or nonprotected) to block unknown unicast or multicast packets.
Blocking unicast or multicast traffic is not automatically enabled on protected ports; you must explicitly
Note
configure it.
The port blocking feature is only supported on these switches:
•
•
Blocking Flooded Traffic on an Interface
The interface can be a physical interface or an EtherChannel group. When you block multicast or unicast
Note
traffic for a port channel, it is blocked on all ports in the port channel group.
Beginning in privileged EXEC mode, follow these steps to disable the flooding of multicast and unicast
packets to an interface:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport block multicast
Step 4
switchport block unicast
Step 5
end
Step 6
show interfaces interface-id switchport
Step 7
copy running-config startup-config
To return the interface to the default condition where no traffic is blocked, use the no switchport block
{multicast | unicast} interface configuration commands.
This example shows how to block unicast and multicast flooding on a port:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end
78-11380-12
Catalyst 2950 Long-Reach Ethernet (LRE) switches running Cisco IOS Release 12.1(14)EA1
or later
Catalyst 2950G-12-EI, 2950G-24-EI, 2950G-24-EI-DC, 2950G-48-EI, and 2955 switches running
Cisco IOS Release 12.1(19)EA1 or later
Purpose
Enter global configuration mode.
Specify the interface to configure, and enter interface
configuration mode.
Block unknown multicast forwarding to the port.
Block unknown unicast forwarding to the port.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Configuring Port Blocking
21-5
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
