cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2978
Views
0
Helpful
3
Replies

Preventing unicast flooding

cox
Level 1
Level 1

Hello

I recently carried out some sniffing on a 3550 and noticed a lot of traffic that I should not have seen on that port. Having had a look around on cco this appears to be a known issue (unicast flooding)

I am a little confused as to exactly what causes this, can anyone explain?

I understand that the mac address table aging timer on the switch can be adjusted and that the arp timeout on a router can also be adjusted. Does anyone know what the best setting for both these timers is? I think the defaults are 14400 seconds for router arp table and 300 seconds for a switches mac table.

Many thanks

3 Replies 3

vijayasankar
Level 4
Level 4

Hi,

Unicast Flooding is a classical behavior mostly seen in the switches to due instability in spanning tree.

Whenever a TCN BPDU is received by a layer 2 switch, it will reduce its mac-aging timer from the standard/configured value to Fast Aging timer, which is 20 seconds.

Till the STP convergence the mac aging timer of the switch will be 20 seconds only.

Hence whenever a TCN BPDU is seen by a switch, MAC relearning process will start. This is the behavior of Spanning tree protocol. During this time, as all known mac address in the switch are flushed and mac relearning process is running, when the switch receives an ethernet packet, if it doesn't know where the mac-address is located, it will flood the packets to all ports.

You can have a look at the following URL to know more on this and other reasons for unicast flooding.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml#cause2

-VJ

mheusinger
Level 10
Level 10

Hi,

unicast flooding might also arise from HSRP besides SPT issues. Have a look at "Unicast Flooding in Switched Campus Networks" at

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

So changing of timers is not the initial approach. First have a look at the document and conclude network modifications suggested there. If this does not fix the problem then

post your findings.

Hope this helps! Please rate all posts.

Regards, Martin

Sorry, I just now realized that VJ already had posted the same link. Cudos to him.

Regards, Martin

Review Cisco Networking for a $25 gift card