
Routing and the Unknown MAC Discard feature

For IP routed traffic, the Passport routing switch is always effective in blocking traffic destined to an unknown MAC address and can generally block traffic sent from an unknown MAC address.

The routing switch can always block traffic destined to a MAC address for which there is:

When the routing switch needs to route a frame to an unknown MAC address, it sends an ARP request for the MAC address of the end station. If the MAC address that replies to the ARP request meets all three of these criteria, the router ignores the ARP reply and sends an ICMP unreachable message back to the originating device.

To block routed traffic from an unknown MAC address, the routing switch ignores ARP requests originating from unknown MAC addresses. In general, this procedure prevents the station from effectively sending routed traffic. Note that the routing switch also effectively blocks any return traffic, provided that the above condition is true.


Note: If security is a primary concern, Nortel Networks recommends that you configure the Unknown MAC Discard feature to administratively down the port on any routed VLANs when a MAC violation occurs.

