Forwarding Database
Disabling MAC Address Learning on the BlackDiamond 8800 Family of Switches and the Summit X450 Switch Only
When learning is disabled, packets with unknown source MAC addresses are dropped.
Disabling Egress Flooding
With ExtremeWare XOS software version 11.2, you can enable or disable egress flooding. Under default
conditions, when the system does not find a match in the FDB for a unicast/multicast/broadcast MAC
address in a packet received in a given port, the system forwards that frame to every port in the VLAN
(known as Layer 2 flooding).
However, you can enhance security and privacy, and improve network performance, by disabling Layer 2
egress flooding for some packets. This is particularly useful when you are working on an edge device in
the network. Limiting flooded egress packets to selected interfaces is also known as upstream forwarding.
NOTE
Disabling egress flooding can affect many protocols, such as IP and ARP among others.
Figure 13 illustrates a case where you want to disable Layer 2 egress flooding on specified ports to
enhance security and network performance.
Figure 13: Upstream forwarding or disabling egress flooding example
[Figure: EXOS Switch with an Access VLAN; Access Link port 1 to Client 1, Access Link port 2 to Client 2, Uplink port 3 to ISP FW/Security Proxy]
In this example, the three ports are in an ISP-access VLAN. Ports 1 and 2 are connected to clients 1 and
2, respectively, and port 3 is an uplink to the ISP network. Because clients 1 and 2 are in the same
VLAN, client 1 could possibly learn about the other client's traffic by sniffing client 2's broadcast traffic;
client 1 could then possibly launch an attack on client 2.
However, when you disable all egress flooding on ports 1 and 2, this sort of attack is impossible, for the
following reasons:
● Broadcast and multicast traffic from the clients is forwarded only to the uplink port.
● Any packet with unlearned destination MAC addresses is forwarded only to the uplink port.
● One client cannot learn any information from the other client. Because egress flooding is disabled on
the access ports, the only packets forwarded to each access port are those packets that are specifically
targeted for one of the ports. There is no traffic leakage.
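To make these rules concrete, the following small model of the FDB forwarding decision is added here as an example; it is not ExtremeWare XOS code, and the `Switch` class, port numbers, VLAN membership and MAC addresses are constructed. It also covers the learning-disabled behaviour from the first section and the side effect the NOTE warns about (a broadcast arriving from the uplink gets no egress port once flooding is disabled on the access ports).

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Switch:
    """Minimal model of one VLAN's forwarding database (FDB) on an EXOS-style switch."""
    vlan_ports: set                                        # ports in the ISP-access VLAN
    no_flood_ports: set = field(default_factory=set)       # egress flooding disabled here
    learning_off_ports: set = field(default_factory=set)   # MAC learning disabled here
    fdb: dict = field(default_factory=dict)                # learned MAC -> port

    def forward(self, ingress, src, dst):
        """Return the set of egress ports for a frame; an empty set means it is dropped."""
        if src not in self.fdb:
            if ingress in self.learning_off_ports:
                return set()              # learning disabled: unknown source MAC is dropped
            self.fdb[src] = ingress       # normal source-MAC learning
        if dst in self.fdb:
            return {self.fdb[dst]} - {ingress}   # known unicast goes to exactly one port
        # Unknown unicast, multicast or broadcast: Layer 2 flooding to the VLAN,
        # minus the ingress port and minus every port with egress flooding disabled.
        return (self.vlan_ports - {ingress}) - self.no_flood_ports


# Constructed topology from Figure 13: ports 1 and 2 are access links, port 3 is the uplink.
CLIENT1, CLIENT2, ISP = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:ff"


def scenario(disable_flooding_on_access):
    """Run the example traffic with or without egress flooding disabled on ports 1 and 2."""
    sw = Switch(vlan_ports={1, 2, 3},
                no_flood_ports={1, 2} if disable_flooding_on_access else set())
    return {
        # client 1 broadcasts (e.g. an ARP request): does it leak to client 2?
        "client1_broadcast": sw.forward(1, CLIENT1, BROADCAST),
        # client 1 sends to a MAC the FDB has not learned
        "client1_unknown_unicast": sw.forward(1, CLIENT1, "00:11:22:33:44:99"),
        # the uplink broadcasts toward the clients (client 2 not yet learned)
        "uplink_broadcast": sw.forward(3, ISP, BROADCAST),
        # client 2 talks, is learned, and targeted unicast from the uplink still reaches it
        "client2_broadcast": sw.forward(2, CLIENT2, BROADCAST),
        "uplink_to_client2": sw.forward(3, ISP, CLIENT2),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("egress flooding disabled on access ports:", flag, scenario(flag))
```

With flooding disabled, every flooded frame from a client reaches only port 3, while a broadcast from the uplink reaches no access port at all, which is why protocols such as ARP need attention when you use this feature.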
ExtremeWare XOS 11.3 Concepts Guide