The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Unknown unicast packet flooding (UUFB) limits unknown unicast flooding in the forwarding path to prevent the security risk of unwanted traffic reaching the Virtual Machines (VMs). UUFB prevents packets received on both vEthernet and Ethernet interfaces destined to unknown unicast addresses from flooding the VLAN. When UUFB is applied, Virtual Ethernet Modules (VEMs) drop unknown unicast packets received on uplink ports, while unknown unicast packets received on vEthernet interfaces are sent out only on uplink ports.
Before configuring UUFB, make sure that the VSM HA pair and all VEMs have been upgraded to the latest release by entering the show module command.
You must explicitly disable UUFB on the ports of an application or VM by using MAC addresses other than the one given by .
Unknown unicast packets are dropped by Cisco UCS fabric interconnects when Cisco UCS is running in end-host-mode.
On Microsoft Network Load Balancing (MS-NLB) enabled vEthernet interfaces (by entering the no mac auto-static-learn command), UUFB does not block MS-NLB related packets. In these scenarios, UUFB can be used to limit flooding of MS-NLB packets to non-MS-NLB ports within a VLAN.
Parameters |
Default |
---|---|
uufb enable |
Disabled |
switchport uufb disable |
Disabled |
Configuring UUFB
You can globally block unknown unicast packets from flooding the forwarding path for the switch.
Log in to the CLI in EXEC mode.
1. switch# configure terminal
2. switch(config)# [no] uufb enable
3. (Optional) switch(config)# show uufb status
4. (Optional) switch(config)# copy running-config startup-config
This example shows how to block unknown unicast flooding globally:
switch# configure terminal switch(config)# uufb enable switch(config)# show uufb status UUFB Status: Enabled switch(config)# copy running-config startup-config [########################################] 100%
Use one of the following commands to verify the configuration:
Command |
Purpose |
---|---|
show uufb status |
Displays the UUFB global setting for the VSM. |
show running-config port-profile profile-name |
Displays the running configuration for a specific port profile. |
show running-config interface vethernet interface-number |
Displays the running configuration for a specific interface. |
vemcmd show port uufb-override |
Displays UUFB disable state for each port. |
This example shows how to block unknown unicast packets from flooding the forwarding path globally for the VSM:
n1000v# config terminal n1000v(config)# uufb enable n1000v(config)# show uufb status UUFB Status: Enabled n1000v(config)# copy running-config startup-config [########################################] 100%
This table only includes updates for those releases that have resulted in additions to the feature.
Feature Name |
Releases |
Feature Information |
---|---|---|
UUFB |
5.2(1)SK3(2.1) |
This feature was introduced. |