[c-nsp] wisdom of switchport block ...
András Tóth
diosbejgli at gmail.com
Mon Feb 10 15:25:24 EST 2014
Hi,
Let's not forget STP topology change notifications (TCNs) because they'll
cause the MAC address entries to age out in forward-delay (15 sec) or even
immediately with Rapid-STP. An STP topology change is observed (and TCN
generated) when a non-edge (non-portfast) port goes either from Forwarding
to Blocking or from Blocking to Forwarding. With RSTP, a non-edge port moving
to Forwarding will generate TCNs.
This can lead to hosts becoming unreachable with unicast blocking even with
a carefully chosen ARP aging timer.
Regards,
Andras
On Mon, Feb 10, 2014 at 7:30 PM, Tarko Tikan <tarko at lanparty.ee> wrote:
> hey,
>
>> I am looking at tightening up my subscriber access network and, if
>> I understand the documentation correctly, 'switchport block unicast'
>> will prevent a cisco switch (3560g in this case) from flooding unicast
>> frames out any port so configured, unless the destination mac address
>> was learned from that port.
>>
>
> Blocking unknown unicast is very typical for access networks using
> service-vlans (or N:1, whatever you like to call it).
>
> MAC aging and DHCP lease timers will have to be tuned accordingly, make
> sure DHCP < aging. This way DHCP renewals will keep active addresses in the
> MAC table.
>
> --
> tarko
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
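Added example, not part of the original thread: a small Python model of the interaction described above, showing when a quiet host's MAC entry is missing from the table, so that a port configured with 'switchport block unicast' would drop frames addressed to it. The function name, the 150 s renewal interval and the 300 s aging time are constructed for illustration, and the TCN handling is a simplification (legacy STP caps the entry's remaining lifetime at forward-delay, RSTP flushes it immediately).

```python
# Simplified model (assumptions): the host transmits only at the listed times
# (e.g. DHCP renewals), each frame re-learns its MAC for `aging` seconds, a
# legacy-STP TCN caps the remaining lifetime at forward_delay, and an RSTP
# topology change flushes the entry at once.

def unreachable_windows(tx_times, aging, tcn_times=(), rstp=False,
                        forward_delay=15, horizon=None):
    """Return [(start, end)] spans where the host's MAC is not in the table,
    i.e. where a port with 'switchport block unicast' drops frames to it."""
    events = sorted([(t, "tx") for t in tx_times] +
                    [(t, "tcn") for t in tcn_times])
    if horizon is None:
        horizon = events[-1][0]
    expiry = None      # when the current entry ages out; None = not learned
    gap_start = 0      # start of the current "not learned" span
    windows = []
    for t, kind in events:
        if t > horizon:
            break
        if expiry is not None and expiry <= t:   # aged out before this event
            gap_start, expiry = expiry, None
        if kind == "tx":
            if expiry is None and t > gap_start:
                windows.append((gap_start, t))
            expiry = t + aging                   # learned or refreshed
        elif expiry is not None:                 # TCN while entry is present
            expiry = t if rstp else min(expiry, t + forward_delay)
            if expiry <= t:
                gap_start, expiry = t, None
    if expiry is None and gap_start < horizon:
        windows.append((gap_start, horizon))
    elif expiry is not None and expiry < horizon:
        windows.append((expiry, horizon))
    return windows

if __name__ == "__main__":
    renewals = [0, 150, 300, 450, 600]   # constructed: host renews every 150 s
    print(unreachable_windows(renewals, aging=300))
    print(unreachable_windows(renewals, aging=300, tcn_times=[200]))
    print(unreachable_windows(renewals, aging=300, tcn_times=[200], rstp=True))
```

With renewals more frequent than the aging time there is no gap until a topology change occurs; after it, the host stays unreachable until its next transmission.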