
switchport block unicast/multicast

adamgibs7
Level 6

Dears,

I have read about switchport block unicast and switchport block multicast. In which situations are these commands in effect?

Because when a switch's CAM table ages out, it has to flood the traffic on each port of the VLAN and the host has to reply, so where do these commands make sense?

Thanks


Reza Sharifi
Hall of Fame

Hi,

These commands are to block unknown unicast and multicast flooding.

See link:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/uniflood.html

HTH

I have been to this document, but I have a confusion; that's the reason I posted it.

Are these commands only for the private VLAN feature and not for normal VLAN traffic?

It can work for both private and normal vlans.

HTH

But as mentioned in the first post, if it is stopping unwanted flooding, then when there is no address in the CAM table the switch's default behavior is to flood on all ports.

Can you explain it to me in detail?

Can anybody shed light on the topic above?

Dears,

Can anybody help me with the above query?

Hi,

As you mentioned, the switch's default behavior is to flood on all ports, except the port on which it receives the traffic, when there is no address in the CAM table. Unfortunately, if you configure switchport block unicast on an interface, you will not forward the unknown unicast traffic on the port.

One place we use this command is on ports where we connect Access Points. We do not want to forward unknown traffic to any AP where we have more than 50 clients at a time. 

 

HTH,

Meheretab


Dear

From your reply, what I understand is:

switchport block unicast should not be used on the normal end user access ports? Please confirm.

One place we use this command is on ports where we connect Access Points. We do not want to forward unknown traffic to any AP where we have more than 50 clients at a time.

Can you elaborate more on the above paragraph?


switchport block unicast should not be used on the normal end user access ports? Please confirm.

The purpose of the command switchport block unicast is to prevent unknown unicast traffic from being forwarded from one port to another. If unknown unicast traffic is forwarded, there could be security issues. So, if you are more concerned about security issues, you can configure it on access ports (knowing that those ports will not receive unknown unicast traffic -- I would not do that).

One place we use this command is on ports where we connect Access Points. We do not want to forward unknown traffic to any AP where we have more than 50 clients at a time.

Can you elaborate more on the above paragraph?

We prefer not to forward unknown unicast traffic to ports where we plug access points for security reasons.

 

HTH,

Meheretab

 


Dear

I think there is confusion between unknown unicast flooding and broadcasting. Can you shed some light on this topic? I am referring to many posts on the internet, but without solid answers.
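The forwarding behaviour discussed in this thread, as an added example that is not part of any participant's post and is not Cisco code: a minimal single-VLAN learning-switch model in Python showing which ports a frame leaves on when one port has `switchport block unicast`, for a known unicast, an unknown unicast and a broadcast destination. The `Switch` class, port numbers and MAC addresses are constructed for illustration; multicast and `switchport block multicast` are not modelled.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Constructed model of a one-VLAN learning switch (illustration only)."""

    def __init__(self, ports, block_unicast=()):
        self.ports = set(ports)
        # Ports configured with 'switchport block unicast'
        self.block_unicast = set(block_unicast)
        self.cam = {}  # learned MAC address -> port

    def age_out(self, mac):
        """Simulate the CAM entry for mac expiring."""
        self.cam.pop(mac, None)

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return the sorted egress ports."""
        self.cam[src] = in_port
        others = self.ports - {in_port}
        if dst == BROADCAST:
            # Broadcast is flooded; block unicast does not affect it.
            return sorted(others)
        if dst in self.cam:
            # Known unicast: one port, even if that port blocks unknown unicast.
            out = self.cam[dst]
            return [out] if out != in_port else []
        # Unknown unicast: flooded, except to ports that block it.
        return sorted(others - self.block_unicast)

def demo():
    # Constructed hosts: A on port 1, C on port 3; port 2 has an unrelated host.
    a, c = "aa:aa:aa:aa:aa:aa", "cc:cc:cc:cc:cc:cc"
    sw = Switch(ports=[1, 2, 3], block_unicast=[3])
    r = {}
    r["unknown_to_C"] = sw.forward(1, a, c)        # C silent so far: not sent to 3
    r["broadcast"] = sw.forward(1, a, BROADCAST)   # e.g. an ARP request: reaches 3
    r["C_reply"] = sw.forward(3, c, a)             # C talks, so C is learned on 3
    r["known_to_C"] = sw.forward(1, a, c)          # now delivered to port 3
    sw.age_out(c)
    r["aged_to_C"] = sw.forward(1, a, c)           # entry gone: port 3 skipped again
    return r

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:13} -> egress ports {ports}")
```

In this model a host behind the blocked port stays reachable only while its CAM entry is present, which is the trade-off the replies describe for access ports.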