Why do Cisco switches have many MAC addresses?
Hi, I'm trying to understand why Cisco L2 switches use one base MAC address and one for each port, and I cannot find a straight answer; it's all very vague. Can anyone help me understand this?
Comments
-
darkerz Member Posts: 431 ■■■■□□□□□□
I guess CCENT's and CCNA's are held to a much, much lower standard than back in the day.... :twisted:
-
RouteMyPacket Member Posts: 1,104
darkerz wrote: »I guess CCENT's and CCNA's are held to a much, much lower standard than back in the day....
lol..are you shocked?
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?
-
fredrikjj Member Posts: 879
darkerz wrote: »I guess CCENT's and CCNA's are held to a much, much lower standard than back in the day....
RouteMyPacket wrote: »lol..are you shocked?
I really don't see why it's such an obvious thing that a layer 2 (the thread starter specifically says layer 2) device needs a MAC address for every port, because it really doesn't. Feel free to explain to me how this port MAC address is used in the forwarding of the frame if you think that I'm missing something.
What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.
-
AwesomeGarrett Member Posts: 257
At the minimum it would need them to forward BPDUs down the tree. Even 802.1D BPDUs, which are only forwarded from the root bridge, would still need a new MAC in the Ethernet header as they're forwarded (nobody ever said anything about a transparent control plane).
However, it's probably just because the powers that be said so at some point.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
Gngogh, I want you to recall your Spanning tree knowledge for a second, and recall what a BPDU looks like. This might help:
http://routemyworld.com/wp-content/uploads/2009/06/8021Dvs8021wFrames.PNG
Now let's recall how a switch chooses the best configuration BPDU. Recalling the list, it should look something like this:
-Lowest bridge ID
-Lowest path cost to the root bridge
-Lowest Sender bridge ID
-Lowest Sender Port ID
As we know, the bridge ID is either: 1) Manually configured bridge priority 2) Lowest MAC. As you remember, up until the extended system ID, each VLAN had to have its own unique MAC address to differentiate instances. So interface-specific MACs aren't relevant there.
Wait, though, what about the port identifier? Remember that 4 bits are allocated towards the port priority (Defaulted at 128), and then 12 bits allocated for the port index. The port index takes the last 12 bits off of the MAC address of the switch and adds onto it whatever the port number is (Fiber ports are typically counted first). For example, if I do the command #show version and the following MAC address comes up:
4802.f29a.8380
380 are the possible changeable numbers on each of the interfaces (MAC address runs in hexadecimal, therefore each character is 4 bits each). Now, if you go to, let's say, interface F1/0/15 (Account for two SFP slots on the switch), you will probably see the following:
4802.f29a.8397
Just remember that switches can't magically read numbers off of ports like we can with our spectacular vision. They see MAC addresses (From a L2 perspective).
:study: Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
-
Scales Member Posts: 95 ■■□□□□□□□□
fredrikjj wrote: »I really don't see why it's such an obvious thing that a layer 2 (the thread starter specifically says layer 2) device needs a MAC address for every port, because it really doesn't. Feel free to explain to me how this port MAC address is used in the forwarding of the frame if you think that I'm missing something.
What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.
Probably the best answer here.
Also, to answer the original poster's question regarding the base MAC address - it uses this for its spanning-tree Bridge Identifier. This BID needs to be unique per VLAN so it should use a unique MAC address per STP instance. It doesn't, however; it gets around this requirement by using a technique called MAC address reduction.
Edit: Check the picture here of a wireshark packet capture of a BPDU. You can see the VLAN is added to the BID and wireshark is separating it out for you for the Root bridge and for the sender bridge ID contained in this BPDU: Root: 8192/1/<MAC Address> Sender: 32768/1/<MAC Address>
http://wiki.wireshark.org/STP?action=AttachFile&do=get&target=STP.JPG
-
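Added example, not part of any post in this thread: Python that decodes the bridge ID with MAC address reduction (4-bit priority, 12-bit VLAN, 48-bit MAC) and the port ID (4-bit priority, 12-bit port number) from a configuration BPDU body, then picks the better of two BPDUs using the comparison order listed earlier in the thread. The BPDU bytes are constructed; only the MAC 4802.f29a.8380 comes from the thread, and all function names are assumptions.

```python
import struct

# Configuration BPDU body after the LLC header (35 bytes): protocol ID,
# version, type, flags, root ID, root path cost, sender bridge ID,
# sender port ID, then four timers.
BPDU = struct.Struct("!HBBB8sI8sH4H")

def bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Build an 8-byte bridge ID (helper for the constructed samples)."""
    return struct.pack("!H", priority | vlan) + bytes.fromhex(mac.replace(".", ""))

def split_bridge_id(raw: bytes):
    """8-byte bridge ID -> (priority, extended system ID, dotted MAC)."""
    (field,) = struct.unpack("!H", raw[:2])
    mac = raw[2:].hex()
    return field & 0xF000, field & 0x0FFF, ".".join(mac[i:i + 4] for i in (0, 4, 8))

def split_port_id(field: int):
    """16-bit port ID -> (priority in steps of 16, 12-bit port number)."""
    return (field >> 12) << 4, field & 0x0FFF

def parse_bpdu(body: bytes) -> dict:
    if len(body) < BPDU.size:
        raise ValueError("truncated BPDU")
    proto, _ver, typ, _flags, root, cost, sender, port, *_timers = BPDU.unpack(body[:BPDU.size])
    if proto != 0 or typ not in (0x00, 0x02):  # configuration or RST BPDU only
        raise ValueError("not a configuration/RST BPDU")
    return {"root": split_bridge_id(root), "cost": cost,
            "sender": split_bridge_id(sender), "port": split_port_id(port),
            # Comparison order from the thread; the lower value wins at each step.
            "vector": (root, cost, sender, port)}

def better(a: dict, b: dict) -> dict:
    """Return the superior of two parsed BPDUs (lowest vector)."""
    return a if a["vector"] <= b["vector"] else b

# Constructed samples: same root (8192/1), different senders and ports.
ROOT = bridge_id(8192, 1, "0011.2233.4455")    # constructed MAC
SW_A = bridge_id(32768, 1, "4802.f29a.8380")   # MAC quoted in the thread
SW_B = bridge_id(32768, 1, "4802.f29a.9000")   # constructed MAC
bpdu_a = BPDU.pack(0, 0, 0, 0, ROOT, 19, SW_A, 0x8017, 256, 20 * 256, 2 * 256, 15 * 256)
bpdu_b = BPDU.pack(0, 0, 0, 0, ROOT, 19, SW_B, 0x8001, 256, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    a, b = parse_bpdu(bpdu_a), parse_bpdu(bpdu_b)
    print("root   %d/%d/%s" % a["root"])
    print("sender %d/%d/%s port %d.%d" % (a["sender"] + a["port"]))
    print("superior sender:", better(a, b)["sender"][2])
```

In the samples the sender with the lower bridge ID wins even though its port ID is higher, because the port ID is only consulted when everything before it ties.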
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
fredrikjj wrote: »What's actually going on, in my opinion, is that there must be a MAC address for when the layer 2 port is converted into a routed port because it's then no longer a "transparent bridge" and must strip the old MAC addresses, decrease the TTL, add new MACs, etc.
While I'm not completely disagreeing with this statement, I don't see it being relevant in all cases i.e. L2 exclusive switches.
-
fredrikjj Member Posts: 879
OfWolfAndMan wrote: »While I'm not completely disagreeing with this statement, I don't see it being relevant in all cases i.e. L2 exclusive switches.
Agree. I wrongly focused only on the data plane in my post.
-
bermovick Member Posts: 1,135 ■■■■□□□□□□
Except for the case where a pair of switches are connected over multiple lines. Each line has to have a unique mac at both ends to keep the switches from thinking there is mac flapping happening.
Latest Completed: CISSP
Current goal: Dunno
-
lrb Member Posts: 526
I'm glad we treat newer people to this subforum with such respect
The guy asked a question and it took a CCDE to actually give him an answer rather than anyone currently working towards their CCIE
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□
lrb wrote: »I'm glad we treat newer people to this subforum with such respect
The guy asked a question and it took a CCDE to actually give him an answer rather than anyone currently working towards their CCIE
Agreed. Guys TE has a long standing tradition of respect for other posters, everyone was new once and we all have blindspots. If that wasn't true there'd be absolutely no reason for anyone to post on these forums. If you still think a question is beneath answering then simply don't reply, it's not an excuse to feel superior to someone else.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
Gngogh Member Posts: 165 ■■■□□□□□□□
Hi.. from playing around with Wireshark I've seen that all control traffic uses the MAC address of the interface where the cable is connected to. Traffic such as CDP, STP, LACP, etc.
-
powmia Users Awaiting Email Confirmation Posts: 322
Gngogh wrote: »Hi.. from playing around with Wireshark I've seen that all control traffic uses the MAC address of the interface where the cable is connected to. Traffic such as CDP, STP, LACP, etc.
points for digging.