Solved: UUFB and/or UUMB

fsebera · ‎01-30-2009

Looking for real world use of these features.

UUFB -unknown unicast flood blocking

UUMB -unknown multicast flood blocking

When a new device initially connects to a switch port, the devices MAC address is unknown so by default the switch MUST add this newly found MAC address to the switches CAM table. The switch also by default must flood the MAC address to all other layer-2 ports within the same vlan.

SO the question is - If I enable the UUFB feature and apply it to all layer-2 ports on a switch, and UUFB blocks all unknowns (unicast), how could I ever get a connection to the network?

Same thing with UUMB?????

What am I missing?

Please help me get out of my stupor! :(

Tks

Frank

Roberto Salazar · ‎01-30-2009

SO the question is - If I enable the UUFB feature and apply it to all layer-2 ports on a switch, and UUFB blocks all unknowns (unicast), how could I ever get a connection to the network?

The UUFB is on transmit portion or egress (see below from Understanding UUFB). The switch will prevent any unicast packet that has destination mac address that is not in it's table from being forwarded to all the ports. The switch learns mac address by looking at source mac address of the received packet. So, that means, the host will get connection the switch will learn that hosts mac address. Switch gets a unicast packet from this host, it's not in the table UUFB is configured, the packet does not get flooded. The same goes for UUMB. I hope that clears the distinction.

Here is the UUFB info from link:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/blocking.html

Unknown unicast traffic is flooded to all Layer 2 ports in a VLAN. You can prevent this behavior by using the UUFB feature. The UUFB feature blocks unknown unicast traffic flooding and only permits egress traffic with MAC addresses that are known to exit on the port. The UUFB feature is supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.

View solution in original post

Roberto Salazar · ‎01-30-2009

SO the question is - If I enable the UUFB feature and apply it to all layer-2 ports on a switch, and UUFB blocks all unknowns (unicast), how could I ever get a connection to the network?

The UUFB is on transmit portion or egress (see below from Understanding UUFB). The switch will prevent any unicast packet that has destination mac address that is not in it's table from being forwarded to all the ports. The switch learns mac address by looking at source mac address of the received packet. So, that means, the host will get connection the switch will learn that hosts mac address. Switch gets a unicast packet from this host, it's not in the table UUFB is configured, the packet does not get flooded. The same goes for UUMB. I hope that clears the distinction.

Here is the UUFB info from link:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/blocking.html

Unknown unicast traffic is flooded to all Layer 2 ports in a VLAN. You can prevent this behavior by using the UUFB feature. The UUFB feature blocks unknown unicast traffic flooding and only permits egress traffic with MAC addresses that are known to exit on the port. The UUFB feature is supported on all ports that are configured with the switchport command, including private VLAN (PVLAN) ports.