Cisco Systems EA6500 Manual De Usuario
27-2
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 27 Configuring Layer 3 Protocol Filtering on Supervisor Engine 1
Configuring Layer 3 Protocol Filtering
You can configure a Layer 2 LAN port with any one of these modes for each protocol group: on, off, or
auto. If the configuration is set to on, the port allows all traffic for that protocol. If the configuration is
set to off, the port does not allow any traffic for that protocol.
auto. If the configuration is set to on, the port allows all traffic for that protocol. If the configuration is
set to off, the port does not allow any traffic for that protocol.
If the configuration is set to auto, the Layer 2 LAN port initially does not allow any flood traffic to be
transmitted from the port. After a packet is received on that port, the port will transmit traffic for that
protocol group. Once in this state, the port reverts back to allowing flood traffic to be transmitted if no
packets for that protocol have been received for 60 minutes. Layer 2 LAN ports are also removed from
the protocol group when the supervisor engine detects that the link is down on the port.
transmitted from the port. After a packet is received on that port, the port will transmit traffic for that
protocol group. Once in this state, the port reverts back to allowing flood traffic to be transmitted if no
packets for that protocol have been received for 60 minutes. Layer 2 LAN ports are also removed from
the protocol group when the supervisor engine detects that the link is down on the port.
If a host that supports both IP and IPX is connected to a Layer 2 LAN port configured as auto for IPX,
but the host is transmitting only IP traffic, the port to which the host is connected will not transmit any
flooded IPX traffic. However, if the host sends an IPX packet, the supervisor engine software detects the
protocol traffic and the port begins transmitting flooded IPX traffic. If the host stops sending IPX traffic
for more than 60 minutes, the port stops transmitting flooded IPX traffic.
but the host is transmitting only IP traffic, the port to which the host is connected will not transmit any
flooded IPX traffic. However, if the host sends an IPX packet, the supervisor engine software detects the
protocol traffic and the port begins transmitting flooded IPX traffic. If the host stops sending IPX traffic
for more than 60 minutes, the port stops transmitting flooded IPX traffic.
By default, Layer 2 LAN ports are configured to on for all protocol groups. Typically, you should only
configure a Layer 2 LAN port to auto for IP if an end station is directly connected to the port.
configure a Layer 2 LAN port to auto for IP if an end station is directly connected to the port.
Protocol filters are configured according to groups of protocols, not specific protocols. There are four
groups of protocols defined:
groups of protocols defined:
•
IP
•
IPX
•
AppleTalk, DECnet, and Banyan VINES (“group”)
•
Packets not belonging to any of these protocols (“other”)
Configuring Layer 3 Protocol Filtering
These sections describe how to configure Layer 3 protocol filtering on Ethernet-type VLANs and on any
type of Layer 2 LAN port:
type of Layer 2 LAN port:
•
•
•
Note
With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level
commands by entering the do keyword before the EXEC mode-level command.
commands by entering the do keyword before the EXEC mode-level command.
Enabling Layer 3 Protocol Filtering
To enable Layer 3 protocol filtering globally, perform this task:
Command
Purpose
Router(config)# protocol-filter
Enables Layer 3 protocol filtering globally.
Router(config)# no protocol-filter
Disables Layer 3 protocol filtering globally.