hey,
I am looking at tightening up my subscriber access network and, if
I understand the documentation correctly, 'switchport block unicast'
will prevent a cisco switch (3560g in this case) from flooding unicast
frames out any port so configured, unless the destination mac address
was learned from that port.
Blocking unknown unicast is very typical for access networks using
service-vlans (or N:1, whatever you like to call it).
MAC aging and DHCP lease timers will have to be tuned accordingly, make
sure DHCP < aging. This way DHCP renewals will keep active addresses in
the MAC table.
--
tarko
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
