Unknown Unicast Flood Control


Note For complete syntax and usage information for the commands used in this chapter, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

  • Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.


 


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum


 

Prerequisites for Unknown Traffic Flood Control

None.

Restrictions for Unknown Traffic Flood Control

When unknown unicast flood rate-limiting (UUFRL) is enabled, per-VLAN learning must be enabled on all the Layer 3 routed ports, otherwise, any unicast flooded packet coming into a routed port will also be rate-limited by UUFRL.

Information About Unknown Traffic Flood Control

By default, unknown unicast traffic is flooded to all Layer 2 ports in a VLAN. You can use the unknown unicast flood blocking (UUFB) and unknown unicast flood rate-limiting (UUFRL) features to prevent or limit this traffic.

The UUFB features block unknown unicast traffic flooding at a specific port, only permitting egress traffic with MAC addresses that are known to exist on the port. The UUFB features are supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.

The UUFRL feature globally rate limits unknown unicast traffic on all VLANs.

Default Settings for Unknown Traffic Flood Control

None.

How to Configure Unknown Traffic Flood Control

How to Configure UUFB

To configure UUFB, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface {{ type slot/port } | { port-channel number }}

Selects the interface to configure.

Step 3

Router(config-if)# switchport

Configures the port for Layer 2 switching.

Step 4

Router(config-if)# switchport block { unicast }

Enables unknown unicast flood blocking on the port.

How to Configure UUFRL

To configure UUFRL, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# platform rate-limit layer2 unknown rate-in-pps [ burst-size ]

Enables UUFRL and sets the maximum packet rate.

(Optional) Specify a burst size limit.

Step 3

Router(config)# exit

Exits configuration mode.

When you configure UUFRL, note the following information:

  • For the rate-in-pps value:

The range is 10 through 1,000,000 (entered as 1000000).

There is no default value.

Values lower than 1,000 (entered as 1000) should offer sufficient protection.

  • For the burst-size value:

The range is 1 through 255.

The default is 10.

The default value should provide sufficient protection.

Configuration Examples for Unknown Traffic Flood Control

This example shows how to configure UUFB on Gigabit Ethernet port 5/12 and how to verify the configuration:

Router# configure terminal
Router(config)# interface gigabitethernet 5/12
Router(config-if)# switchport
Router(config-if)# switchport block unicast
Router(config-if)# do show interface gigabitethernet 5/12 switchport | include Unknown
Unknown unicast blocked: enabled

This example shows how to configure UUFRL with a rate limit of 1000 pps with a burst of 20 packets:

Router# configure terminal
Router(config)# platform rate-limit layer2 unknown 1000 20
Router(config)# exit


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum