7.21. Configuring Port-Block

Overview

Function Introduction

By default, the switch floods packets with unknown destination MAC addresses out of all ports. If unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can block a port (protected or unprotected) from flooding unknown unicast or multicast packets to other ports.

Principle Description

N/A

Configuration

step 1 Enter the configure mode

Switch# configure terminal

step 2 Enter the interface configure mode and block unknown unicast

Switch(config)# interface eth-0-1
Switch(config-if)# port-block unknown-unicast
Switch(config-if)# exit

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

To display the port-block configuration, use the command show port-block in the privileged EXEC mode

Switch#  show port-block interface eth-0-1
Known unicast blocked: Enabled
Known multicast blocked: Disabled
Unknown unicast blocked: Disabled
Unknown multicast blocked: Disabled
Broadcast blocked: Disabled

Application cases

N/A

latest.20241106