The RUCKUS ICX switch must have Unknown Unicast Flood Blocking (UUFB) enabled.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity
V-273680 | RCKS-L2S-000120 | SV-273680r1110983_rule | | Medium
Description
Access layer switches use the Content Addressable Memory (CAM) table to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When a router has an Address Resolution Protocol (ARP) entry for a destination host and forwards a frame to the access layer switch, but the switch has no CAM entry for the frame's destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports within that VLAN, which causes flooding. Large amounts of flooded traffic can saturate low-bandwidth links, causing network performance issues or a complete connectivity outage for the connected devices. Unknown unicast flooding has been an ongoing problem in networks that have asymmetric routing and default timers. To mitigate the risk of a connectivity outage, the UUFB feature must be implemented on all access layer switches. The UUFB feature blocks unknown unicast traffic flooding and only permits egress traffic with MAC addresses that are known to exit on the port.
STIG | Date
RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide | 2025-06-03
Details
Check Text (C-77771r1110061_chk)
Review the configuration to verify that ports are configured to block unknown unicast traffic:

    !
    interface ethernet 1/1/8
     block unknown-unicast
    !

If any access switch ports do not have UUFB enabled, this is a finding.
Fix Text (F-77676r1110062_fix)
Configure the switch to block unknown unicast traffic per port:

1. Enter global configuration mode:
   Router# configure terminal
2. Select the port range to configure:
   Router(config)# interface ethernet 1/1/1 to 1/1/48
3. Enter the command on the interface range:
   Router(config-mif-1/1/1-1/1/48)# block unknown-unicast
4. Save the configuration:
   Router# write memory