Environment
HP2530 YB.16.10.0011
Cisco WS-C3560CG-8PC-S 12.2(55)EX3
Simplified diagram
A PC is connected to the switch LAN and sends DHCP broadcast packets to trigger a broadcast storm.
Catalyst1 configuration
(config)#vlan 50
(config-vlan)#name storm
(config-vlan)#exit
(config)#no spanning-tree vlan 1
(config)#no spanning-tree vlan 50
(config)#interface range gi0/1-2
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#switchport access vlan 50
(config-if-range)#no keepalive
With the settings below, once broadcast traffic reaches 0.3% or more of the bandwidth, broadcasts are no longer forwarded and the interface goes into err-disable.
(config-if-range)#storm-control broadcast level 0.3
(config-if-range)#storm-control action shutdown
(config-if-range)#exit
Interface for the PC
(config)#interface gi0/3
(config-if)#switchport mode access
(config-if)#switchport access vlan 50
(config-if)#no keepalive
(config-if)#exit
Catalyst2 configuration
(config)#vlan 50
(config-vlan)#name storm
(config-vlan)#exit
(config)#no spanning-tree vlan 1
(config)#no spanning-tree vlan 50
(config)#interface range gi0/1-2
(config-if-range)#switchport trunk encapsulation dot1q
(config-if-range)#switchport mode trunk
(config-if-range)#switchport access vlan 50
(config-if-range)#no keepalive
(config-if-range)#exit
HP2530 configuration
#configure terminal
(config)#vlan 50
(vlan-50)#name storm
(vlan-50)#tagged 3-4
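To configure broadcast-storm protection on the HP2530, use the following command.
On ports 3 and 4, when the broadcast storm exceeds 1%, an event notification is sent and the port is shut down for 60 seconds.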
(config)# fault-finder broadcast-storm 3-4 action warn-and-disable 60 percent 1
Verification after connecting the PC
On both the HP and the Catalyst, check the broadcast detection status and the interface up/down transitions in the logs.
Catalyst3560
#show storm-control
Interface  Filter State   Upper        Lower        Current
---------  -------------  -----------  -----------  ----------
Gi0/2      Forwarding     10.00%       10.00%       4.22%
Gi0/3      Link Down      50.00%       50.00%       0.00%
#show logging
Log Buffer (4096 bytes):
*Mar 1 01:44:08.432: %PM-4-ERR_DISABLE: storm-control error detected on Gi0/2, putting Gi0/2 in err-disable state
*Mar 1 01:44:08.453: %STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Gi0/2. The interface has been disabled.
*Mar 1 01:44:09.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Mar 1 01:44:10.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
*Mar 1 01:46:44.974: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
*Mar 1 01:46:50.789: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 01:46:51.198: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
*Mar 1 01:46:55.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
HP2530
(config)# show fault-finder broadcast-storm
      Bcast | Port   Rising    Disable          Disable    Time
Port  Storm | Status Threshold Action           Timer      Left
----- ----- + ------ --------- ---------------- ---------- ------------
1     No    | Up     -         none             -          -
2     No    | Down   -         none             -          -
3     Yes   | Up     1%        warn-and-disable 60         -
4     Yes   | Down   1%        warn-and-disable 60         47 sec
5     No    | Down   -         none             -          -
6     No    | Down   -         none             -          -
7     No    | Down   -         none             -          -
8     No    | Down   -         none             -          -
9     No    | Down   -         none             -          -
10    No    | Down   -         none             -          -
(config)# show logging
Keys: W=Warning I=Information
M=Major D=Debug E=Error
---- Event Log listing: Events Since Boot ----
I 04/21/23 14:37:58 00184 mgr: Log cleared as a result of 'clear logging' command
I 04/21/23 14:38:34 00900 ports: port 4 timer (71) has expired
I 04/21/23 14:38:38 00076 ports: port 4 is now on-line
W 04/21/23 14:38:45 02676 FFI: port 4-Excessive Broadcasts. Broadcast-storm control threshold 1 percent exceeded.
M 04/21/23 14:38:45 02673 FFI: port 4-Port disabled by Fault-finder.
I 04/21/23 14:38:45 00898 ports: Fault Finder(71) has disabled port 4 for 60 seconds
I 04/21/23 14:38:45 00077 ports: port 4 is now off-line
I 04/21/23 14:39:45 00900 ports: port 4 timer (71) has expired
I 04/21/23 14:39:48 00076 ports: port 4 is now on-line
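The storm events in the two logs above can be pulled out of a collected log file and normalized into one list for alerting. The following Python script is an added example, not part of the original post or either vendor's tooling; the function names, the event labels and the SAMPLE text (constructed from the log lines shown on this page) are assumptions.

```python
import re

# Constructed sample built from the log lines on this page; the HP entries keep
# their wrapped continuation lines ("control threshold ...", "seconds").
SAMPLE = """\
*Mar 1 01:44:08.432: %PM-4-ERR_DISABLE: storm-control error detected on Gi0/2, putting Gi0/2 in err-disable state
*Mar 1 01:44:08.453: %STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on Gi0/2. The interface has been disabled.
*Mar 1 01:46:51.198: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
W 04/21/23 14:38:45 02676 FFI: port 4-Excessive Broadcasts. Broadcast-storm
control threshold 1 percent exceeded.
M 04/21/23 14:38:45 02673 FFI: port 4-Port disabled by Fault-finder.
I 04/21/23 14:38:45 00898 ports: Fault Finder(71) has disabled port 4 for 60
seconds
I 04/21/23 14:39:48 00076 ports: port 4 is now on-line
"""

# A new entry starts with an IOS timestamp + %FACILITY or an HP severity + date.
ENTRY_START = re.compile(r"^(\*?[A-Z][a-z]{2} +\d+ [\d:.]+: %|[WIMDE] \d\d/\d\d/\d\d )")

# (vendor, event label, pattern); named groups become fields of the event.
RULES = [
    ("cisco", "err-disable", re.compile(r"%PM-4-ERR_DISABLE: storm-control error detected on (?P<port>\S+),")),
    ("cisco", "storm-shutdown", re.compile(r"%STORM_CONTROL-3-SHUTDOWN: A packet storm was detected on (?P<port>\S+)\. ")),
    ("hp", "threshold-exceeded", re.compile(r"FFI: port (?P<port>\S+)-Excessive Broadcasts\..*threshold (?P<percent>\d+) percent exceeded")),
    ("hp", "port-disabled", re.compile(r"Fault Finder\(\d+\) has disabled port (?P<port>\S+) for (?P<seconds>\d+) seconds")),
]

def unwrap(text):
    """Join wrapped continuation lines onto the log entry they belong to."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def storm_events(text):
    """Return one dict per storm-control event, in log order."""
    events = []
    for entry in unwrap(text):
        for vendor, event, rx in RULES:
            m = rx.search(entry)
            if m:
                events.append({"vendor": vendor, "event": event, **m.groupdict()})
    return events

if __name__ == "__main__":
    for e in storm_events(SAMPLE):
        print(e)
```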