Configuring Unknown Unicast Forwarding (CLI Procedure)


Unknown unicast traffic consists of packets with unknown destination MAC addresses. By default, the switch floods these packets to all interfaces associated with a VLAN. Forwarding such traffic to interfaces on the switch can create a security issue.

To prevent flooding unknown unicast traffic across the switch, configure unknown unicast forwarding to direct all unknown unicast packets within a VLAN out to a specific trunk interface. From there, the destination MAC address can be learned and added to the Ethernet switching table. You can configure each VLAN to divert unknown unicast traffic to different trunk interfaces or use one trunk interface for multiple VLANs.


For Junos OS for EX Series switches or QFX Series with support for the Enhanced Layer 2 Software (ELS) configuration style, see Configuring Unknown Unicast Forwarding (CLI Procedure).

To configure unknown unicast forwarding options:


Before you can configure unknown unicast forwarding within a VLAN, you must first configure that VLAN.

  1. Configure unknown unicast forwarding for a specific VLAN (here, the VLAN name is employee):
    [edit ethernet-switching-options]

    user@switch# set unknown-unicast-forwarding vlan employee
  2. Specify the trunk interface to which all unknown unicast traffic will be forwarded:
    [edit ethernet-switching-options]

    user@switch# set unknown-unicast-forwarding vlan employee interface ge-0/0/3.0