Hi,

Let's not forget STP topology change notifications (TCNs) because they'll cause the MAC address entries to age out in forward-delay (15 sec) or even immediately with Rapid-STP. An STP topology change is observed (and TCN generated) when a non-edge (non-portfast) port goes either from Forwarding to Blocking or from Blocking to Forwarding. With RSTP, a non-edge port moving to Forwarding will generate TCNs.
This can lead to hosts becoming unreachable with unicast blocking even with a carefully chosen ARP aging timer.

Regards,
Andras

On Mon, Feb 10, 2014 at 7:30 PM, Tarko Tikan <ta...@lanparty.ee> wrote:

> hey,
>
>> I am looking at tightening up my subscriber access network and, if
>> I understand the documentation correctly, 'switchport block unicast'
>> will prevent a cisco switch (3560g in this case) from flooding unicast
>> frames out any port so configured, unless the destination mac address
>> was learned from that port.
>
> Blocking unknown unicast is very typical for access networks using
> service-vlans (or N:1, whatever you like to call it).
>
> MAC aging and DHCP lease timers will have to be tuned accordingly, make
> sure DHCP < aging. This way DHCP renewals will keep active addresses in the
> MAC table.
>
> --
> tarko
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
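The two conditions raised in this thread (DHCP lease shorter than MAC aging, and non-edge ports as TCN sources) can be checked against a switch configuration. This is an added example, not code from any poster in the thread; it assumes a single DHCP pool configured on the same device, IOS defaults of 300 s MAC aging and a one-day lease when unset, and it treats any port carrying `switchport block unicast` without `spanning-tree portfast` as a port whose link transitions would generate TCNs. The config text is constructed.

```python
import re

# Constructed sample config (not from the thread); values chosen to trip both checks.
SAMPLE = """\
mac address-table aging-time 300
ip dhcp pool SUBSCRIBERS
 lease 0 1 0
interface GigabitEthernet0/1
 switchport mode access
 switchport block unicast
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
 switchport block unicast
"""

def audit(config):
    """Return findings for the timer and edge-port conditions discussed above."""
    aging, lease = 300, 86400  # assumed IOS defaults: 300 s aging, 1-day lease
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level line ends any interface block
        if m := re.match(r"mac address-table aging-time (\d+)$", line):
            aging = int(m.group(1))
        elif line == "lease infinite":
            lease = float("inf")
        elif m := re.match(r"lease (\d+)(?: (\d+))?(?: (\d+))?$", line):
            days, hours, minutes = (int(x or 0) for x in m.groups())
            lease = days * 86400 + hours * 3600 + minutes * 60
        elif m := re.match(r"interface (\S+)$", line):
            current = ports.setdefault(m.group(1), set())
        elif current is not None:
            current.add(line)  # collect sub-commands of the current interface
    findings = []
    if lease >= aging:
        # "make sure DHCP < aging": otherwise renewals do not refresh the MAC entry
        findings.append(f"DHCP lease {lease}s >= MAC aging {aging}s")
    for name, lines in ports.items():
        if "switchport block unicast" in lines and "spanning-tree portfast" not in lines:
            findings.append(f"{name}: block unicast on non-edge port")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
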