The Unicast flooding means when a packets comes in the switch , the switch looks at the
Destination mac address of the packet and does not know what port to send out the traffic
to , then what switch does is floods that packet in the entire vlan just like a broadcast
in hopes that whoever has that address will pick it up and rest of the Hosts will drop the
traffic after looking at the MAC.
That is the information you are looking at in the output of "show mac-address-table"
command that for certain Destination MAC addrresses , the switch does not know what port
these addresses are on, and hence the "Flood to VLAN" argument.
Now why would a unicast flooding occur . A lot of times , unicast flooding can be
attributed to asymmetric routing. And usually bringing the arp and CAM timers as close to
each other as possible would eliminate unicast flooding to a great extent. In order to
better understand unicast flooding , I would suggest that you take a look at case study 8
in the following link.
http://www.cisco.com/warp/customer/473/62.shtml
You can configure unicast flooding protection starting from release 12.1(19)E1. The
following link explains the usage of the command.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/i1.htm#31289
Other possible bugs that you might want to look at:
CSCsa84231
CSCeh73110
Hope that helps.