Monday, May 30, 2016

Learning by unicast flooding - or not?

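Unicast flooding is commonplace switch functionality: a frame addressed to a destination the switch has not yet learned is sent out of every port. However, you might not want any host to ever see another host's packets, for security among other reasons.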

FAUCET has a feature where learning via unicast flooding can be disabled, and FAUCET will learn only for Ethernet broadcast, ARP, and IPv6 neighbor discovery instead.

This can be configured at the VLAN level. For example:

vlans:
    2001:
        unicast_flood: False
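
The effect of this setting on an uninvolved host can be seen in a small model of a learning switch. This is an added example, not FAUCET's own code: the Switch class, the frame dictionaries and the three-host scenario are constructed for illustration, and only the unicast_flood name comes from the configuration above.

```python
# Simplified model of an L2 learning switch (added example, not FAUCET code).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, unicast_flood=True):
        self.ports = set(ports)
        self.unicast_flood = unicast_flood  # mirrors the VLAN setting shown above
        self.mac_table = {}                 # learned source MAC -> port

    def _floodable(self, frame):
        # With unicast_flood disabled, only broadcast, ARP and IPv6 ND are flooded.
        if self.unicast_flood:
            return True
        return frame["dst"] == BROADCAST or frame["kind"] in ("arp", "ipv6_nd")

    def receive(self, in_port, frame):
        """Learn the source, then return the set of ports the frame is sent to."""
        self.mac_table[frame["src"]] = in_port
        out = self.mac_table.get(frame["dst"])
        if out is not None:
            return {out} - {in_port}
        if self._floodable(frame):
            return self.ports - {in_port}
        return set()  # unknown unicast is dropped instead of flooded

def observer_sees(unicast_flood):
    """Constructed scenario: A (port 1) sends to B (port 2) before B is learned;
    C (port 3) is an uninvolved host. Returns the frames delivered to port 3."""
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw = Switch([1, 2, 3], unicast_flood)
    traffic = [
        (1, {"src": A, "dst": B, "kind": "ipv4", "note": "A->B data, B unknown"}),
        (1, {"src": A, "dst": BROADCAST, "kind": "arp", "note": "A ARP request"}),
        (2, {"src": B, "dst": A, "kind": "arp", "note": "B ARP reply"}),
        (1, {"src": A, "dst": B, "kind": "ipv4", "note": "A->B data, B learned"}),
    ]
    return [f["note"] for port, f in traffic if 3 in sw.receive(port, f)]

if __name__ == "__main__":
    print("unicast_flood: True  ->", observer_sees(True))
    print("unicast_flood: False ->", observer_sees(False))
```

With flooding enabled, host C receives A's data frame for the not-yet-learned B; with it disabled, C receives only the ARP request, and B is still learned from its ARP reply.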

