When a switch is flooding on all its ports a unicast frame?

Answered Question
Jan 9th, 2009

Is there any real case when a switch after it receives a unicast frame on one of its ports would flood the frame on all its ports except the port it received the frame on?

I see this being possible only if the destination MAC address was already flushed by the switch from its MAC table when the unicast frame arrived, whereas that destination MAC address is still valid in the host's ARP table (not needing os to send a broadcast ARP for learing that MAC address), but I don't know if this could happen in real cases.

What is the default timer for flusing an entry from the MAC table of a switch ?

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 1 week ago

Petru

Apologies. Yes if an end device has the mac-address of the destination device but the switch does not then it would flood the frame out all ports (except the one it received on).

It could also occur when the mac-address table is full and the switch can no longer store any entries. Have a look at this link which covers unicast flooding within a switched network -

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Fri, 01/09/2009 - 15:17

The most common case is when the switch does not know which port the unicast packet is destined for so it needs to flood the packet out of all ports.

This quite a common occurence and you often find posts in these forums saying "i am running a sniffer on my desktop and am seeing unicast packets that are not addressed to my pc."

Jon

mikegrous Fri, 01/09/2009 - 15:17

What is the default timer for flusing an entry from the MAC table of a switch ?

i think its 300 seconds.

badalam_nt Fri, 01/09/2009 - 15:29

To Jon:

Yes, I know the reason why a switch floos a frame, it is when it does not have the entry with destination MAC in its MAC table.

The question is when we could have such cases?

And I was wondering whether this is possible only when the host's ARP table expires later then the switch flushed its MAC table. Otherwise the host will always start with broadcast ARP, then the switch will learn the destination MAC and next when the host will send the actual unicast frame the switch will be able to forward/filter it to only the right port.

So, is this the only case possible?

And those 300secs seems higher than the ARP table validity timer in the host, which then puzzles me even more.

Correct Answer
Jon Marshall Fri, 01/09/2009 - 15:37

Petru

Apologies. Yes if an end device has the mac-address of the destination device but the switch does not then it would flood the frame out all ports (except the one it received on).

It could also occur when the mac-address table is full and the switch can no longer store any entries. Have a look at this link which covers unicast flooding within a switched network -

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

Jon

badalam_nt Fri, 01/09/2009 - 16:00

Thanks for the link.

A last point: do you confirm that the default timer is 300 seconds?

PS:I have a lot to learn, just started to prepare for CCNA, hope in 6 months to be at full speed :-)

I'll surely come with lots of questions, as I don't take anything I'm reading as granted, must have a complete technical explanation in order to accept it.

Jon Marshall Fri, 01/09/2009 - 16:03

Petru

"as I don't take anything I'm reading as granted, must have a complete technical explanation in order to accept it."

That is the best way to be. If you have this approach you will be a very good network person.

Feel free to ask as many questions as you need.

Jon

mikegrous Fri, 01/09/2009 - 17:15

good luck on the ccna. my ccie lab is tuesday ahh the madness of it

lejoe.thomas Fri, 01/09/2009 - 17:17

Hi Michael,

Good luck! Hope you do your best. Which one is it? R&S?

Lejoe

Actions

This Discussion