Catalyst 6500 Release 12.2SX Software Configuration Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: April 25, 2012

Chapter: Unknown Unicast and Multicast Flood Control

Understanding Unknown Traffic Flood Control
Configuring UUFB or UMFB
Configuring UUFRL

Configuring Unknown Unicast and Multicast Flood Control

This chapter describes how to configure the unknown unicast flood blocking (UUFB), unknown multicast flood blocking (UMFB), and unknown unicast flood rate-limiting (UUFRL) features in Cisco IOS Release 12.2SX.

•Understanding Unknown Traffic Flood Control

•Configuring UUFB or UMFB

•Configuring UUFRL

Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master Command List, at this URL:

http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html

Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum

Understanding Unknown Traffic Flood Control

By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. You can use the UUFB, UMFB, and UUFRL features to prevent or limit this traffic.

The UUFB and UMFB features block unknown unicast and multicast traffic flooding at a specific port, only permitting egress traffic with MAC addresses that are known to exist on the port. The UUFB and UMFB features are supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.

The UUFRL feature applies a rate limit globally to unknown unicast traffic on all VLANs.

Note Enter the switchport block multicast command only on ports where all unknown multicast flooded traffic needs to be completely blocked. UMFB disrupts protocols that make use of local subnetwork multicast control groups in the 224.0.0.0/24 range, for example:

•ARP

•IPv6 neighbor discovery (IPv6 ND)

•Network Time Protocol (NTP)

Do not enter this command on nonreceiver (router) ports or host ports that rely on dynamic ARP. Use IGMP snooping or other rate-limiting options to restrict, rather than completely block, unknown multicast flooded traffic.

Configuring UUFB or UMFB

To configure UUFB or UFMB, perform this task:


	Command	Purpose
Step 1	Router# configure terminal	Enters global configuration mode.
Step 2	Router(config)# interface {{type¹ slot/port} \| {port-channel number}}	Selects the interface to configure.
Step 3	Router(config-if)# switchport	Configures the port for Layer 2 switching.
Step 4	Router(config-if)# switchport block {unicast \| multicast}	Enables unknown unicast or multicast flood blocking on the port.
Step 5	Router(config-if)# do show interfaces [type¹ slot/port] switchport \| include Unknown	Verifies the configuration.

¹type = fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure UUFB on Fast Ethernet port 5/12 and how to verify the configuration:

Router# configure terminal

Router(config)# interface fastethernet 5/12

Router(config-if)# switchport

Router(config-if)# switchport block unicast

Router(config-if)# do show interface fastethernet 5/12 switchport | include Unknown

Unknown unicast blocked: enabled

Configuring UUFRL

Note The UUFRL feature is available only with the Supervisor Engine 720-10GE.

To configure UUFRL, perform this task:


	Command	Purpose
Step 1	Router# configure terminal	Enters global configuration mode.
Step 2	Router(config)# mls rate-limit layer2 unknown rate-in-pps [burst-size]	Enables UUFRL and sets the maximum packet rate. (Optional) Specify a burst size limit.
Step 3	Router(config)# exit	Exits configuration mode.

When you configure UUFRL, note the following information:

•When unknown unicast flood rate-limiting (UUFRL) is enabled, per-VLAN learning must be enabled on all the Layer 3 routed ports, otherwise, any unicast flooded packet coming into a routed port will also be rate-limited by UUFRL.

•For the rate-in-pps value:

–The range is 10 through 1,000,000 (entered as 1000000).

–There is no default value.

–Values lower than 1,000 (entered as 1000) should offer sufficient protection.

•For the burst-size value:

–The range is 1 through 255.

–The default is 10.

–The default value should provide sufficient protection.

This example shows how to configure UUFRL with a rate limit of 1000 pps with a burst of 20 packets:

Router# configure terminal

Router(config)# mls rate-limit layer2 unknown 1000 20

Router(config)# exit

Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)