Configuring flap guard
A flapping port is a port that changes status rapidly from up to down. A flapping port can create instability in protocols such as Spanning Tree Protocol (STP). If a port is flapping, STP must continually recalculate the role for each port. Flap guard also prevents unwanted access to the physical ports.
Flap guard detects how many times a port changes status during a specified number of seconds, and the system shuts down the port if necessary. You can manually reset the port and restore it to the active state.
Flap guard is configured and enabled on each port through the switch controller. The default setting is disabled.
The flap rate counts how many times a port changes status during a specified number of seconds. The range is 1 to 30 with a default setting of 5.
The flap duration is the number of seconds during which the flap rate is counted. The range is 5 to 300 seconds with a default setting of 30 seconds.
The flap timeout is the number of minutes before the flap guard is reset. The range is 0 to 120 minutes. The default setting of 0 means that there is no timeout.
To configure flap guard on a port through the switch controller:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        config ports
            edit <port_name>
                set flapguard {enable | disable}
                set flap-rate <1-30>
                set flap-duration <5-300 seconds>
                set flap-timeout <0-120 minutes>
            next
        end
end
For example:
config switch-controller managed-switch
    edit S424ENTF19000007
        config ports
            edit port10
                set flapguard enable
                set flap-rate 15
                set flap-duration 100
                set flap-timeout 30
            next
        end
end
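An offline model of the flap-rate, flap-duration and flap-timeout settings, added here as an example and not Fortinet code: it replays link status-change timestamps and reports when flap guard would shut a port down, which helps when choosing values before enabling the feature. It assumes a sliding window that trips once the count reaches flap-rate (the exact counting method is not stated here); the names FlapGuard and simulate and the event list are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class FlapGuard:
    flap_rate: int = 5       # status changes counted per window (1-30)
    flap_duration: int = 30  # window length in seconds (5-300)
    flap_timeout: int = 0    # minutes until automatic reset (0-120), 0 = none

    def __post_init__(self):
        # Reject values outside the ranges the CLI accepts.
        for value, low, high in ((self.flap_rate, 1, 30),
                                 (self.flap_duration, 5, 300),
                                 (self.flap_timeout, 0, 120)):
            if not low <= value <= high:
                raise ValueError(f"{value} is outside {low}-{high}")

def simulate(events, guard):
    """Replay (seconds, port) status changes, sorted by time.

    Returns (port, shutdown_time, reset_time) per trip; reset_time is None
    when flap_timeout is 0 and the port stays down until a manual reset.
    """
    recent = {}      # port -> timestamps of changes inside the current window
    down_until = {}  # port -> automatic reset time, or None for manual reset
    trips = []
    for ts, port in events:
        if port in down_until:
            until = down_until[port]
            if until is None or ts < until:
                continue              # port is shut down, nothing to count
            del down_until[port]      # timeout expired, port back in service
        window = recent.setdefault(port, deque())
        window.append(ts)
        while ts - window[0] >= guard.flap_duration:
            window.popleft()          # drop changes older than the window
        if len(window) >= guard.flap_rate:   # assumed trip condition
            until = ts + guard.flap_timeout * 60 if guard.flap_timeout else None
            down_until[port] = until
            trips.append((port, ts, until))
            window.clear()
    return trips

# Constructed sample: port10 changes state every 2 s, port3 only occasionally.
SAMPLE = sorted([(i * 2, "port10") for i in range(20)] +
                [(t, "port3") for t in (0, 200, 400)])

if __name__ == "__main__":
    print(simulate(SAMPLE, FlapGuard(15, 100, 30)))  # values from the example above
    print(simulate(SAMPLE, FlapGuard()))             # default rate and duration
```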
Resetting a port
After flap guard detects that a port is changing status rapidly and the system shuts down the port, you can reset the port and restore it to service.
To reset a port:
execute switch-controller flapguard reset <FortiSwitch_serial_number> <port_name>
For example:
execute switch-controller flapguard reset S424ENTF19000007 port10
Viewing the flap-guard configuration
To display flap-guard information for all ports of a FortiSwitch unit:
diagnose switch-controller switch-info flapguard status <FortiSwitch_serial_number>
For example:
diagnose switch-controller switch-info flapguard status S424ENTF19000007