1.1.c Explain general network challenges

1.1.c [i] Unicast flooding



When a switch receives a unicast frame whose destination is unknown to the MAC address table (CAM, Content Addressable Memory), the frame is flooded out all ports for the respective VLAN. This is expected behavior due to aging, etc.; however, excessive flooding may be caused by asymmetric routing, STP topology changes, forwarding table overflow and network attacks, particularly DoS (Denial of Service) attacks. To alleviate this, switches can implement unicast flood prevention.

mac-address-table unicast-flood {limit kfps} {vlan vlan} {filter timeout | alert | shutdown}

An alternative approach can be employed on some switch models such as the 6500 series:

Unknown Unicast Flood Blocking

switchport block unicast
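
The flooding behaviour and the idea of a flood limit described above, as an added toy model (not from the original notes and not Cisco's implementation). The table size, aging time, MAC names, and the per-second limit (the real command counts in kfps) are assumptions chosen for illustration.

```python
# Added example: toy learning switch, not Cisco's implementation.
class LearningSwitch:
    def __init__(self, ports, cam_size, aging_s, flood_limit):
        self.ports = ports              # ports in one VLAN
        self.cam_size = cam_size        # max CAM entries (assumed value)
        self.aging_s = aging_s          # entry lifetime in seconds
        self.flood_limit = flood_limit  # floods tolerated per one-second window
        self.cam = {}                   # mac -> (port, last_seen)
        self.window, self.floods = None, 0
        self.alerts = []                # windows where the limit was exceeded

    def receive(self, src, dst, in_port, now):
        """Return the egress ports for one unicast frame."""
        # Age out entries not refreshed within aging_s.
        self.cam = {m: (p, t) for m, (p, t) in self.cam.items()
                    if now - t < self.aging_s}
        # Learn or refresh the source; a full table cannot learn new MACs.
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = (in_port, now)
        if dst in self.cam:
            return [self.cam[dst][0]]   # known destination: one port
        # Unknown destination: flood and count it against the limit.
        sec = int(now)
        if sec != self.window:
            self.window, self.floods = sec, 0
        self.floods += 1
        if self.floods > self.flood_limit and sec not in self.alerts:
            self.alerts.append(sec)     # models the "alert" action only
        return [p for p in self.ports if p != in_port]

def demo():
    """Constructed traffic: MAC names, ports and times are made up."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], cam_size=3, aging_s=300, flood_limit=2)
    out = {
        "first": sw.receive("aa", "bb", 1, 0.0),    # bb unknown: flood
        "reply": sw.receive("bb", "aa", 2, 0.1),    # aa learned: port 1
        "known": sw.receive("aa", "bb", 1, 0.2),    # bb learned: port 2
        "aged": sw.receive("aa", "bb", 1, 400.0),   # both aged out: flood
    }
    sw.receive("c1", "aa", 3, 400.1)                # table fills up...
    sw.receive("c2", "aa", 4, 400.2)                # ...now 3 of 3 entries
    sw.receive("bb", "aa", 2, 400.3)                # bb cannot be learned
    out["full_1"] = sw.receive("aa", "bb", 1, 400.4)  # so aa->bb floods
    out["full_2"] = sw.receive("aa", "bb", 1, 400.5)  # third flood in window
    return out, sw.alerts

if __name__ == "__main__":
    print(demo())
```

Once the table is full, traffic to a host that is present and talking still floods, which is why a flood-rate alert is a useful overflow signal.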