Why do Cisco switches have many MAC addresses?

Gngogh Member Posts: 165
Hi, I'm trying to understand why Cisco L2 switches use one base MAC address and one for each port, and I cannot find a straight answer; it's all very vague. Can anyone help me understand this?

Comments

  • powmia Users Awaiting Email Confirmation Posts: 322
    port = NIC... NICs have MACs.
  • darkerz Member Posts: 431
    I guess CCENTs and CCNAs are held to a much, much lower standard than back in the day....
    :twisted:
  • RouteMyPacket Member Posts: 1,104
    darkerz wrote: »
    I guess CCENTs and CCNAs are held to a much, much lower standard than back in the day....

    lol..are you shocked?
    Modularity and Design Simplicity:

    Think of the 2:00 a.m. test—if you were awakened in the
    middle of the night because of a network problem and had to figure out the
    traffic flows in your network while you were half asleep, could you do it?
  • fredrikjj Member Posts: 879
    darkerz wrote: »
    I guess CCENTs and CCNAs are held to a much, much lower standard than back in the day....
    lol..are you shocked?

    I really don't see why it's such an obvious thing that a layer 2 (the thread starter specifically says layer 2) device needs a MAC address for every port, because it really doesn't. Feel free to explain to me how this port MAC address is used in the forwarding of the frame if you think that I'm missing something.

    What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.
  • AwesomeGarrett Member Posts: 257
    At the minimum it would need them to forward BPDUs down the tree. Even 802.1D BPDUs, which are only forwarded from the root bridge, would still need a new MAC in the Ethernet header as they're forwarded (nobody ever said anything about a transparent control plane).

    However, it's probably just because the powers that be said so at some point.
  • OfWolfAndMan Member Posts: 923
    Gngogh, I want you to recall your Spanning tree knowledge for a second, and recall what a BPDU looks like. This might help:

    http://routemyworld.com/wp-content/uploads/2009/06/8021Dvs8021wFrames.PNG

    Now let's recall how a switch chooses the best configuration BPDU. Recalling the list, it should look something like this:

    -Lowest bridge ID
    -Lowest path cost to the root bridge
    -Lowest Sender bridge ID
    -Lowest Sender Port ID

    As we know, the bridge ID is either: 1) Manually configured bridge priority 2) Lowest MAC. As you remember, up until the extended system ID, each VLAN had to have its own unique MAC address to differentiate instances. So interface-specific MACs aren't relevant there.

    Wait, though, what about the port identifier? Remember that 4 bits are allocated towards the port priority (Defaulted at 128), and then 12 bits allocated for the port index. The port index takes the last 12 bits off of the MAC address of the switch and adds onto it whatever the port number is (Fiber ports are typically counted first). For example, if I do the command #show version and the following MAC address comes up:

    4802.f29a.8380

    380 are the possible changeable numbers on each of the interfaces (MAC address runs in hexadecimal, therefore each character is 4 bits each). Now, if you go to, let's say, interface F1/0/15 (Account for two SFP slots on the switch), you will probably see the following:

    4802.f29a.8397

    Just remember that switches can't magically read numbers off of ports like we can with our spectacular vision. They see MAC addresses (From a L2 perspective).
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
  • Scales Member Posts: 95
    fredrikjj wrote: »
    I really don't see why it's such an obvious thing that a layer 2 (the thread starter specifically says layer 2) device needs a MAC address for every port, because it really doesn't. Feel free to explain to me how this port MAC address is used in the forwarding of the frame if you think that I'm missing something.

    What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.

    Probably the best answer here.

    Also, to answer the original poster's question regarding the base MAC address - it uses this for its spanning-tree Bridge Identifier. This BID needs to be unique per VLAN so it should use a unique MAC address per STP instance. It doesn't, however; it gets around this requirement by using a technique called MAC address reduction.

    Edit: Check the picture here of a wireshark packet capture of a BPDU. You can see the VLAN is added to the BID and wireshark is separating it out for you for the Root bridge and for the sender bridge ID contained in this BPDU: Root: 8192/1/<MAC Address> Sender: 32768/1/<MAC Address>

    http://wiki.wireshark.org/STP?action=AttachFile&do=get&target=STP.JPG
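
Added example (not part of any post in this thread): a Python decoder for the bridge ID and port ID fields of an 802.1D configuration BPDU, showing the priority/VLAN/MAC split that Wireshark displays as 8192/1/<MAC>. The sample BPDU is constructed; its root MAC and port number are made up, and the sender MAC reuses the 4802.f29a.8380 value quoted earlier in the thread.

```python
import struct

# 802.1D configuration BPDU body (after the LLC header), 35 bytes, big-endian:
# proto id, version, type, flags, root ID, root path cost, sender bridge ID,
# port ID, message age, max age, hello time, forward delay (timers in 1/256 s).
BPDU_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)


def parse_bridge_id(raw: bytes) -> dict:
    """Split an 8-byte bridge ID using the extended system ID layout."""
    field = int.from_bytes(raw[:2], "big")
    mac = raw[2:8]
    return {
        "priority": field & 0xF000,  # top 4 bits, so steps of 4096
        "vlan": field & 0x0FFF,      # low 12 bits carry the VLAN (MAC address reduction)
        "mac": ".".join(mac[i:i + 2].hex() for i in range(0, 6, 2)),
    }


def parse_port_id(value: int) -> dict:
    """Split the 16-bit port ID into 4-bit priority and 12-bit port number."""
    return {"priority": (value >> 12) << 4, "number": value & 0x0FFF}


def parse_config_bpdu(data: bytes) -> dict:
    """Decode the identifier fields of a configuration BPDU."""
    if len(data) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _ver, btype, _flags, root, cost, sender, port,
     _age, _max_age, _hello, _fwd) = struct.unpack(BPDU_FMT, data[:BPDU_LEN])
    if proto != 0 or btype != 0:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        "root": parse_bridge_id(root),
        "root_path_cost": cost,
        "sender": parse_bridge_id(sender),
        "port": parse_port_id(port),
    }


# Constructed sample: root 8192/1, sender 32768/1, port priority 128, port 17.
SAMPLE = struct.pack(
    BPDU_FMT, 0, 0, 0, 0,
    bytes.fromhex("2001020000000001"), 4,
    bytes.fromhex("80014802f29a8380"), 0x8011,
    1 * 256, 20 * 256, 2 * 256, 15 * 256,
)

if __name__ == "__main__":
    print(parse_config_bpdu(SAMPLE))
```
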
  • OfWolfAndMan Member Posts: 923
    fredrikjj wrote: »
    What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.

    While I'm not completely disagreeing with this statement, I don't see it being relevant in all cases i.e. L2 exclusive switches.
  • fredrikjj Member Posts: 879
    While I'm not completely disagreeing with this statement, I don't see it being relevant in all cases i.e. L2 exclusive switches.

    Agree. I wrongly focused only on the data plane in my post.
  • bermovick Member Posts: 1,135
    Except for the case where a pair of switches are connected over multiple lines. Each line has to have a unique MAC at both ends to keep the switches from thinking there is MAC flapping happening.
    Latest Completed: CISSP

    Current goal: Dunno
  • lrb Member Posts: 526
    I'm glad we treat newer people to this subforum with such respect :/

    The guy asked a question and it took a CCDE to actually give him an answer rather than anyone currently working towards their CCIE
  • Ahriakin Member Posts: 1,799
    lrb wrote: »
    I'm glad we treat newer people to this subforum with such respect :/

    The guy asked a question and it took a CCDE to actually give him an answer rather than anyone currently working towards their CCIE

    Agreed. Guys, TE has a long-standing tradition of respect for other posters; everyone was new once and we all have blind spots. If that wasn't true there'd be absolutely no reason for anyone to post on these forums. If you still think a question is beneath answering then simply don't reply; it's not an excuse to feel superior to someone else.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Gngogh Member Posts: 165
    Hi.. from playing around with Wireshark I've seen that all control traffic uses the MAC address of the interface where the cable is connected to. Traffic such as CDP, STP, LACP, etc.
  • powmia Users Awaiting Email Confirmation Posts: 322
    Gngogh wrote: »
    Hi.. from playing around with Wireshark I've seen that all control traffic uses the MAC address of the interface where the cable is connected to. Traffic such as CDP, STP, LACP, etc.

    points for digging.