If a destination MAC address is not in the MAC address table of the switch, the frame is flooded out all ports for that respective VLAN. Although some flooding is unavoidable and expected, excessive flooding might be caused by asymmetric routing, STP topology changes, or forwarding table overflow. Also, flooding can result from attacks on the network, especially in the case of denial-of-service (DoS) attacks.
Switches can now implement a unicast flood-prevention feature. This is implemented through the following global configuration command:
mac-address-table unicast-flood {limit kfps} {vlan vlan} {filter timeout alert shutdown}
An alternative configuration approach found on some Catalyst model devices (such as the 6500 series) is to use what is known as Unknown Unicast Flood Blocking (UUFB). This is configured with the following simple interface command:
switchport block unicast
No comments:
Post a Comment