Unknown Unicast Flood Control
- Prerequisites for Unknown Traffic Flood Control
- Restrictions for Unknown Traffic Flood Control
- Information About Unknown Traffic Flood Control
- Default Settings for Unknown Traffic Flood Control
- How to Configure Unknown Traffic Flood Control
- Configuration Examples for Unknown Traffic Flood Control
Note
- For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Prerequisites for Unknown Traffic Flood Control
Restrictions for Unknown Traffic Flood Control
When unknown unicast flood rate-limiting (UUFRL) is enabled, per-VLAN learning must be enabled on all the Layer 3 routed ports; otherwise, any unicast flooded packet coming into a routed port will also be rate-limited by UUFRL.
Information About Unknown Traffic Flood Control
By default, unknown unicast traffic is flooded to all Layer 2 ports in a VLAN. You can use the unknown unicast flood blocking (UUFB) and unknown unicast flood rate-limiting (UUFRL) features to prevent or limit this traffic.
The UUFB features block unknown unicast traffic flooding at a specific port, only permitting egress traffic with MAC addresses that are known to exist on the port. The UUFB features are supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.
The UUFRL feature globally rate limits unknown unicast traffic on all VLANs.
Default Settings for Unknown Traffic Flood Control
How to Configure Unknown Traffic Flood Control
How to Configure UUFB
To configure UUFB, perform this task:
Router(config)# interface {{type slot/port} | {port-channel number}}
How to Configure UUFRL
To configure UUFRL, perform this task:
Router(config)# platform rate-limit layer2 unknown rate-in-pps [burst-size]
When you configure UUFRL, note the following information:
– The range is 10 through 1,000,000 (entered as 1000000).
– Values lower than 1,000 (entered as 1000) should offer sufficient protection.
Configuration Examples for Unknown Traffic Flood Control
This example shows how to configure UUFB on Gigabit Ethernet port 5/12 and how to verify the configuration:
This example shows how to configure UUFRL with a rate limit of 1000 pps with a burst of 20 packets:
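An added audit sketch, not part of the Cisco documentation: it checks a saved running-config for the two controls this chapter describes, flagging a UUFRL rate outside the documented 10 to 1000000 range or above the 1000 pps guidance, and listing switchports without UUFB. The sample configuration is constructed, the function names are hypothetical, and `switchport block unicast` is the IOS interface command that enables UUFB (it does not appear in the text above).

```python
import re

# Constructed running-config excerpt (sample input, not taken from the Cisco page).
SAMPLE_CONFIG = """\
platform rate-limit layer2 unknown 5000 20
!
interface GigabitEthernet5/12
 switchport
 switchport block unicast
!
interface GigabitEthernet5/13
 switchport
 switchport mode access
!
interface GigabitEthernet5/14
 no switchport
!
"""

# Global UUFRL command from this chapter: rate in pps, optional burst size.
UUFRL_RE = re.compile(r"^platform rate-limit layer2 unknown (\d+)(?: (\d+))?\s*$", re.M)

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def audit(config):
    """List UUFRL/UUFB findings; an empty list means nothing was flagged."""
    findings = []
    m = UUFRL_RE.search(config)
    rate = int(m.group(1)) if m else None
    if rate is None:
        findings.append("UUFRL not configured")
    elif not 10 <= rate <= 1000000:
        findings.append(f"UUFRL rate {rate} pps is outside 10-1000000")
    elif rate > 1000:  # assumption: treat the chapter's 1000 pps guidance as a ceiling
        findings.append(f"UUFRL rate {rate} pps is above 1000 pps")
    for name, cmds in parse_interfaces(config).items():
        is_l2 = any(c == "switchport" or c.startswith("switchport ") for c in cmds)
        if is_l2 and "switchport block unicast" not in cmds:
            findings.append(f"{name}: switchport without UUFB")
    return findings
```

Routed ports such as GigabitEthernet5/14 in the sample are skipped because UUFB applies only to ports configured with the switchport command.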