Cisco 3560x-24p 参考指南

Use the switchport block interface configuration command on the switch stack or on a standalone switch 
to prevent unknown multicast or unicast packets from being forwarded. Use the no form of this command 
to allow forwarding unknown multicast or unicast packets.

switchport block {multicast | unicast}

no switchport block {multicast | unicast}

Unknown multicast and unicast traffic is not blocked.

Interface configuration

By default, all traffic with unknown MAC addresses is sent to all ports. You can block unknown multicast 
or unicast traffic on protected or nonprotected ports. If unknown multicast or unicast traffic is not 
blocked on a protected port, there could be security issues. 

With multicast traffic, the port blocking feature blocks only pure Layer 2 packets. Multicast packets that 
contain IPv4 or IPv6 information in the header are not blocked.

Blocking unknown multicast or unicast traffic is not automatically enabled on protected ports; you must 
explicitly configure it.

For more information about blocking packets, see the software configuration guide for this release.

This example shows how to block unknown unicast traffic on an interface:

Switch(config-if)# switchport block unicast

You can verify your setting by entering the show interfaces interface-id switchport privileged EXEC 
command.

Specify that unknown multicast traffic should be blocked. 

Only pure Layer 2 multicast traffic is blocked. Multicast packets that 
contain IPv4 or IPv6 information in the header are not blocked.

Specify that unknown unicast traffic should be blocked.

12.2(53)SE2

This command was introduced.