Layer 2 Bridging - Unknown Unicast - ARP or Flood?

Unanswered Question
Nov 9th, 2007

Hi all,

I'm trying to understand when a layer-2 bridge (switch) would flood an unknown unicast frame. My understanding is that whenever a device needs to send a unicast frame, it would use ARP before sending, in which case the switch would already have the MAC address of the destination due to its ARP reply. It seems that there would never be a scenario where the switch would flood a unicast frame out all ports. My book lists this as a valid scenario. Am I missing something, or is this only possible in situations where ARP isn't used? Thanks.

Edison Ortiz Fri, 11/09/2007 - 19:50

I've seen this behavior on customers' networks and often it is due to incorrect configuration.

If you set the arp timer higher than your mac-address-table (a.k.a CAM) timer, you will see this kind of behavior.

The switch would have the IP address in ARP but not a corresponding MAC since it has aged out.

Richard Burts Sat, 11/10/2007 - 09:04

I agree with most of what Edison says. But not the part about it often being due to incorrect configuration. The ARP timer in IOS is 4 hours and the CAM age timer defaults to 15 minutes. This mismatch exists before the customer starts to configure anything.

There are also situations where asymmetric paths can cause unicast flooding.

ohassairi Sat, 11/10/2007 - 10:34

Sometimes when the MAC address table is full, the switch will become like a hub: it broadcasts any frame. This is a well-known attack, flooding the network with unreal MAC addresses until the MAC address table becomes full.

response3 Sun, 11/11/2007 - 11:21

Thanks for the feedback, guys. What you're saying makes sense, and it's technically true. It's still misleading that my CCIE R&S book v3 says that this is the default behaviour of a switch, when in fact, you shouldn't see this in production.

milan.kulik Sun, 11/11/2007 - 13:44

As Rick said, the ARP cache timeout is 4 hours while the L2 switch MAC address timeout is only 5 minutes by default.

So it can happen that the destination MAC is missing in the switch forwarding table.
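To make the timer mismatch described in this thread concrete, here is a small Python simulation (added as an illustration; it is not code from any of the posters or from Cisco). It models a learning bridge whose MAC table ages entries out after 5 minutes and hosts whose ARP caches hold entries for 4 hours, the values quoted above. The host names, MACs, IPs and port numbers are constructed for the example. At t=0 the first packet triggers ARP and the switch learns the destination port from the reply; at t=600 s the sender's ARP entry is still fresh, so no ARP runs, but the CAM entry has aged out and the very same unicast frame is flooded out every other port until the destination's next frame re-teaches the switch.

```python
"""Simulate a learning bridge whose MAC (CAM) table ages out faster than the
hosts' ARP caches, to show when a plain unicast frame becomes an
"unknown unicast" and is flooded."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Timer values quoted in the thread as Cisco IOS defaults: ARP cache 4 hours,
# MAC address table 5 minutes. Fixed here as constants for the simulation.
ARP_TIMEOUT = 4 * 3600   # seconds
CAM_AGING = 5 * 60       # seconds

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    kind: str            # "arp-request", "arp-reply" or "data"


@dataclass
class Switch:
    """Learning bridge: mac_table maps MAC -> (port, last_seen)."""
    ports: List[int]
    mac_table: Dict[str, Tuple[int, float]] = field(default_factory=dict)

    def forward(self, frame: Frame, ingress: int, now: float) -> Tuple[str, List[int]]:
        # Drop entries that have not been refreshed within CAM_AGING.
        self.mac_table = {m: (p, t) for m, (p, t) in self.mac_table.items()
                          if now - t < CAM_AGING}
        # Learn (or refresh) the source MAC on the ingress port.
        self.mac_table[frame.src_mac] = (ingress, now)
        entry = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac != BROADCAST and entry is not None:
            return "forward", [entry[0]]
        # Broadcast or unknown unicast: flood to every port except ingress.
        return "flood", [p for p in self.ports if p != ingress]


@dataclass
class Host:
    ip: str
    mac: str
    port: int
    arp_cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def resolve(self, dst_ip: str, now: float) -> Optional[str]:
        """Return the cached MAC if the ARP entry is still fresh, else None."""
        entry = self.arp_cache.get(dst_ip)
        if entry is not None and now - entry[1] < ARP_TIMEOUT:
            return entry[0]
        return None


def send_ip(sender: Host, receiver: Host, sw: Switch, now: float) -> List[str]:
    """Deliver one IP packet from sender to receiver through sw and return the
    switch's decision ("flood" or "forward") for each frame it handled."""
    log = []
    dst_mac = sender.resolve(receiver.ip, now)
    if dst_mac is None:
        # ARP request is a broadcast, so it is always flooded.
        action, _ = sw.forward(Frame(sender.mac, BROADCAST, "arp-request"), sender.port, now)
        log.append(f"arp-request:{action}")
        # The receiver learns the requester from the request, then replies
        # unicast; the switch already learned the requester's port above.
        receiver.arp_cache[sender.ip] = (sender.mac, now)
        action, _ = sw.forward(Frame(receiver.mac, sender.mac, "arp-reply"), receiver.port, now)
        log.append(f"arp-reply:{action}")
        sender.arp_cache[receiver.ip] = (receiver.mac, now)
        dst_mac = receiver.mac
    action, _ = sw.forward(Frame(sender.mac, dst_mac, "data"), sender.port, now)
    log.append(f"data:{action}")
    return log


def run_scenario() -> Dict[str, List[str]]:
    """Constructed two-host scenario; returns the per-step switch decisions."""
    sw = Switch(ports=[1, 2, 3])
    a = Host("10.0.0.1", "00:00:00:00:00:0a", port=1)
    b = Host("10.0.0.2", "00:00:00:00:00:0b", port=2)
    results = {}
    # t=0: no ARP entry, so ARP runs and the switch learns B from the reply.
    results["t=0"] = send_ip(a, b, sw, now=0)
    # t=600 s: A's ARP entry is still valid (4 h) but B's CAM entry expired (5 min).
    results["t=600"] = send_ip(a, b, sw, now=600)
    # B's answer re-teaches the switch B's port, so A's next frame is unicast again.
    results["t=601 reply"] = send_ip(b, a, sw, now=601)
    results["t=602"] = send_ip(a, b, sw, now=602)
    return results


if __name__ == "__main__":
    for step, decisions in run_scenario().items():
        print(step, decisions)
```

The flood at t=600 is exactly the case the book describes: the sender skipped ARP because its own cache was fresh, so nothing refreshed the switch's entry for the destination, and the only thing that ends the flooding is the destination transmitting a frame of its own. Any host silent for longer than the CAM aging time while others still hold it in ARP will be reached this way.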