

GOOD TO KNOW!
( http://puck.nether.net/pipermail/cisco-nsp/2004-November/014090.html )

Normally, three kinds of traffic are forwarded through a switch port (I didn't take into account the VLAN separation in the switch):
  • ethernet broadcast packets (dest mac ff:ff:ff:ff:ff:ff)
  • traffic for the mac addresses learned on the port
  • traffic with dest. mac addresses unknown to the switch, which is flooded to all ports but the one where the packets entered.

When one uses “switchport block unicast”, the third type on the list, the so-called “unknown unicast” traffic, is not forwarded to the specific port, so the only traffic exiting the port will be broadcast (ff…) or packets whose destination MAC is one of the MAC addresses learned on the port.

A problem arises when a host connected somehow to that port does not send any traffic for more than $mac_address_aging_time (usually 5 min): the MAC will be erased from the MAC address table, and traffic will not be forwarded to the port (due to the blocking of unknown unicast) until a packet is received again and the MAC is relearned. This setting should mostly be used on ports with hosts connected, not on a “core” port. In most cases there will be no problems, since all operating systems (programs, daemons, servers) send packets, and one of these packets is enough for the host's MAC address to be added to the table on the switch, and the probability of a “normal” host not sending packets for 5 minutes (especially if it is Windows :) ) is very, very small.
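The silent-host case described above can be reproduced with a small model of the forwarding decision. This is an added example, not part of the original notes or of any Cisco software. The Switch class, port numbers, timestamps and MAC addresses are constructed for illustration, and aging is modelled as a simple check of when each MAC was last seen as a source.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Toy model of one VLAN on a learning switch (hypothetical, for illustration)."""

    def __init__(self, ports, aging_time=300, block_unicast=()):
        self.ports = set(ports)
        self.aging_time = aging_time              # seconds; 300 s = the usual 5 min
        self.block_unicast = set(block_unicast)   # ports with "switchport block unicast"
        self.mac_table = {}                       # mac -> (port, time last seen as source)

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port and return the set of ports the frame exits."""
        # Age out entries that have not been seen as a source for aging_time.
        self.mac_table = {mac: (port, seen) for mac, (port, seen) in self.mac_table.items()
                          if now - seen <= self.aging_time}
        self.mac_table[src] = (in_port, now)
        others = self.ports - {in_port}
        if dst == BROADCAST:
            return others                         # type 1: broadcast
        if dst in self.mac_table:
            return {self.mac_table[dst][0]} - {in_port}   # type 2: learned MAC
        return others - self.block_unicast        # type 3: unknown unicast flood


def silent_host_demo():
    """Host B sits on port 3 (block unicast) and goes quiet for longer than the aging time."""
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed MACs
    sw = Switch(ports=[1, 2, 3], block_unicast=[3])
    return [
        sw.receive(3, b, BROADCAST, now=0),   # B talks once and is learned on port 3
        sw.receive(1, a, b, now=10),          # B is known: frame exits port 3 only
        sw.receive(1, a, b, now=400),         # B aged out: flooded, but not to port 3
        sw.receive(3, b, a, now=410),         # B sends again and is relearned
        sw.receive(1, a, b, now=420),         # traffic reaches B again
    ]


if __name__ == "__main__":
    for out_ports in silent_host_demo():
        print(sorted(out_ports))
```

The third frame is the failure mode: it leaves only port 2, so host B receives nothing until it transmits and is relearned.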

PoE (Cisco that's not using 802.3af by default)

 interface fa x/y
 power inline delay shutdown 5 initial 100

for each interface

cisco/switch.1236791038.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International