Configuring Unknown Unicast Flood Control
Download this chapter
Configuring Unknown Unicast Flood ControlConfiguring Unknown Unicast Flood Control
 Feedback

Table Of Contents

Configuring Unknown Unicast Flood Control

Understanding UUFB and UUFRL

Configuring UUFB

Configuring UUFRL


Configuring Unknown Unicast Flood Control

This chapter describes how to configure the unknown unicast flood blocking (UUFB) and unknown unicast flood rate-limiting (UUFRL) features in Cisco IOS Software Release 12.2SX.

Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Software Releases 12.2SX Command References at this URL:

http://www.cisco.com/en/US/docs/ios/mcl/122sx_mcl.html

Understanding UUFB and UUFRL

Unknown unicast traffic is flooded to all Layer 2 ports in a VLAN. You can use the UUFB and UUFRL features to prevent or limit this traffic.

The UUFB feature blocks unknown unicast traffic flooding at a specific port, only permitting egress traffic with MAC addresses that are known to exist on the port. The UUFB feature is supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.

The UUFRL feature applies a rate limit globally to unknown unicast traffic on all VLANs.

Configuring UUFB

To configure UUFB, perform this task:

 
Command
Purpose

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# interface {{type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 3 

Router(config-if)# switchport block unicast

Enables UUFB on the port.

Step 4 

Router(config-if)# do show interfaces [type1 slot/port] switchport | include unicast

Verifies the configuration.

1 type = fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure UUFB on Fast Ethernet port 5/12 and how to verify the configuration: 

Router# configure terminal 

Router(config)# interface fastethernet 5/12 

Router(config-if)# switchport block unicast 

Router(config-if)# do show interface fastethernet 5/12 switchport | include unicast 

Unknown unicast blocked: enabled

Configuring UUFRL

Note The UUFRL feature is only available with the Supervisor Engine 720-10GE.

To configure UUFRL, perform this task:

 
Command
Purpose

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# mls rate-limit layer2 unknown rate-in-pps [burst-size]

Enables UUFRL and sets the maximum packet rate.

(Optional) Specify a burst size limit.

Step 3 

Router(config)# exit

Exits configuration mode.

When you configure UUFRL, note the following information:

For the rate-in-pps value:

The range is 10 through 1,000,000 (entered as 1000000).

There is no default value.

Values lower than 1,000 (entered as 1000) should offer sufficient protection.

For the burst-size value:

The range is 1 through 255.

The default is 10.

The default value should provide sufficient protection.

This example shows how to configure UUFRL with a rate limit of 1000 pps with a burst of 20 packets: 

Router# configure terminal 

Router(config)# mls rate-limit layer2 unknown 1000 20 

Router(config)# exit