Chapter 2: Defeating a Learning Bridge’s Forwarding Process
Example 2-12 Displaying Secured Addresses Only (Continued)
20 a2e2.ba2b.6c18 SecureDynamic Fa8/4 -
20 b88c.0f06.6cb4 SecureDynamic Fa8/4 -
20 f492.f751.fab6 SecureDynamic Fa8/4 -
-------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 2
Max Addresses limit in System (excluding one mac per port) : 1024
6K-2-S2#
Example 2-13 CPU Utilization Because of Port Security
6K-2-S2-sp# show proc cpu | incl Port-S
119 169420 275628 614 15.01% 11.21% 5.81% 0 Port-Security
6K-2-S2-sp#
Unknown Unicast Flooding Protection
Some switches come with a mechanism that can protect an entire VLAN from unicast
flooding’s negative effects. This mechanism is known as unicast flood protection. As
already shown, when no entry corresponds to a frame’s destination MAC address in the
incoming VLAN, the frame is sent to all forwarding ports within the corresponding VLAN,
which causes flooding. Limited flooding is part of the normal switching process, but
continuous flooding causes adverse performance effects on the network.
The unicast flood protection feature can send an alert when a user-defined rate limit has
been exceeded. It can also filter the traffic or shut down the port generating the floods when
it detects unknown unicast floods beyond a certain threshold. Example 2-14 shows a
typical configuration taken from a Cisco Catalyst 6500 switch.
Configuring and Monitoring Unicast Flood Protection
Router(config)# mac-address-table unicast-flood limit 3 vlan 100 filter 5
Router# show mac-address-table unicast-flood
Unicast Flood Protection status: enabled
Configuration:
vlan Kfps action timeout
------+----------+-----------------+----------
100 3 filter 5
Mac filters:
No. vlan source mac addr. installed on time left (mm:ss)
-----+------+-----------------+------------------------------+------------------
You can adjust the configuration as follows:
• The limit keyword specifies the unicast floods on a per source MAC address and per
VLAN basis; valid values are from 1 to 4000 floods per second (fps).
• The filter keyword specifies how long to filter unicast flood traffic; valid values are
from 1 to 34,560 minutes.
The alert (or shutdown) keyword (not shown here) configures the system to send an alert
message when the number of unicast floods exceeds the flood rate limit. Another option
consists in using the shutdown keyword to tell the system to shut down the ingress port
generating the floods when frames of unicast floods exceed the flood rate.
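The rate limit and the three responses described above (alert, filter for a timeout, shut down the port) can be modelled as a small learning bridge in Python; this is an added example, not code from the book or from Cisco. The class and function names, the one-second counting window, the choice to drop the frame that crosses the threshold, and the sample MAC addresses are assumptions, and the limit is treated as 3 frames per second to keep the constructed traffic small.

```python
from collections import defaultdict

class UnicastFloodGuard:
    """Toy learning bridge with per-(VLAN, source MAC) unknown-unicast flood limiting."""

    def __init__(self, vlan, limit_fps, action="filter", filter_minutes=5):
        self.vlan, self.limit = vlan, limit_fps
        self.action, self.filter_secs = action, filter_minutes * 60
        self.cam = {}                    # (vlan, mac) -> port, learned from source addresses
        self.floods = defaultdict(int)   # (vlan, src mac, second) -> flooded frame count
        self.filters = {}                # (vlan, src mac) -> time the filter expires
        self.shut_ports = set()
        self.events = []                 # threshold crossings (logged in every mode here)

    def receive(self, t, vlan, port, src, dst):
        """Process one frame at time t (seconds); return 'forward', 'flood' or 'drop'."""
        if port in self.shut_ports or self.filters.get((vlan, src), 0) > t:
            return "drop"
        self.cam[(vlan, src)] = port
        if (vlan, dst) in self.cam:
            return "forward"             # known destination: no flooding
        if vlan != self.vlan:
            return "flood"               # protection not configured on this VLAN
        bucket = (vlan, src, int(t))
        self.floods[bucket] += 1
        if self.floods[bucket] <= self.limit:
            return "flood"               # limited flooding is normal switching
        if self.floods[bucket] == self.limit + 1:
            self.events.append((int(t), vlan, src, port))
        if self.action == "filter":
            self.filters[(vlan, src)] = t + self.filter_secs
        elif self.action == "shutdown":
            self.shut_ports.add(port)
        return "flood" if self.action == "alert" else "drop"


def run(action):
    """Replay constructed traffic: one source floods VLAN 100 with unknown destinations."""
    guard = UnicastFloodGuard(vlan=100, limit_fps=3, action=action, filter_minutes=5)
    guard.receive(0.0, 100, "Fa8/1", "0000.0000.00bb", "0000.0000.00cc")  # learn a server
    results = [guard.receive(1.0 + i / 10, 100, "Fa8/4", "0000.0000.00aa",
                             f"dead.beef.{i:04x}") for i in range(6)]
    # Frame to a known destination 10 s later: still dropped if filtered or port shut.
    results.append(guard.receive(11.0, 100, "Fa8/4", "0000.0000.00aa", "0000.0000.00bb"))
    return guard, results
```

In the filter and shutdown runs the offending source also loses its legitimate traffic to the known server, which is the operational cost to weigh against alert-only mode.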