Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1328
Views
0
Helpful
8
Replies

How do switch play with Mac address?

Ajay Raj
Level 1
Level 1

‎05-19-2018 11:31 AM - edited ‎03-05-2019 10:28 AM

Experts,

 

I have 2 questions. Its bit confusing me every time. Hope my confusions can resolve by experts like you.

 

1. Did switch learn all MAC address's? I mean both the through traffic & to the box traffic?

2. My data center has multiple production servers & data transferring is happening every second even then the switch is not learning all the MAC address from the servers. Sometimes i have to ping the server IP & get the MAC address. Why is that?  If the servers are communicating all the time then how come a MAC address gets time out?

Labels:
0 Helpful
8 Replies 8

Georg Pauwen
VIP
VIP

‎05-19-2018 01:14 PM

Hello,

 

in general, a MAC address times (ages) out only if it is not being used (default is 300 seconds).

Which switch do you have ? Post the output of 'show ver'...

0 Helpful

Ajay Raj
Level 1
Level 1
In response to Georg Pauwen

‎05-20-2018 06:26 AM

Thanks for taking time to reply. Its not related to any specific device or a manufacturer. Same behavior can be seen in N5k,7k,3850,3750 etc...

0 Helpful

mlund
Level 7
Level 7

‎05-21-2018 04:13 AM

Hi

I wonder what command you are using, because, mac adresses are learnt when traffic is passing the switch. The switch looks at the source address and updates its cam table with that info together with the interface the traffic was receives, and as Georg say, the timeout for that is 300 seconds.

To look at this table, use " sh mac address-table".

However you said you have to ping it to see it, that sounds you are looking at the arp table, wich in turn, is only used by layer3, and the command for that is "sh arp"

/Mikael

0 Helpful

Ajay Raj
Level 1
Level 1
In response to mlund

‎05-21-2018 06:25 AM

I absolutely understand ARP & MAC address.Let me be little more specific here. Consider that in a data center we have 100's of servers , all are online & passing the traffic back and forth. Still sometimes we dont see their MAC address in mac address table. I understand that MAC address will age out after a certain period of time but in this case there is no chance for that since all servers are online & exchanging the packet. Do we have an option to find a server MAC with out doing the ARP? 

 

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-21-2018 08:04 AM

#1 Normally yes, a possible exception being if the MAC table is filled.

#2 "Why is that?" Well, for the switch to learn a MAC, it needs to see a frame. Depending on your topology, it's possible initial frames were flooded to all switches, but once two hosts establish communications, their unicast frames only flow through some of your switches, so the switches that do not see the "conversation" between hosts would age out the MAC entry (as it's not being refreshed). Doing a ping from such a switch would/should force a reply and then the switch would renter the MAC.
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎05-21-2018 10:05 AM

Mikael makes an important point that a switch learns the source mac of every frame that passes through the switch. I believe that Joseph makes another important point that in a network that is designed to have some redundancy that it is quite likely that traffic from a server will pass through some switches but not through other switches.

 

Perhaps we can think of an example to illustrate this. Suppose that the server is connected to switch S. Switch S is connected to three downstream switches S1 S2 and S3. When the server comes on line it checks for duplicate IP by sending an arp which is flooded through the entire network. At this point all switches have learned its source mac. As it is in operation traffic from the server passes through Switch S and through S1. So S2 and S3 are not seeing this traffic and they time out the mac address from their switch mac address table. Now if you happen to be connected to S2 or S3 and attempt to see the server it will not be in the mac address table of your switch. After you ping the server then the mac does show up in the table of your switch.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Richard Burts

‎05-21-2018 11:03 AM

Rick's example is indeed an example of a topology to which I alluded. Also note, although Rick mentions redundancy, in reference to my posting, redundancy isn't required.

Again, Rick's is a fine example, and his example doesn't mention redundancy. The issue is whether the switch carries (two way) transit traffic for the hosts involved.

BTW, an interesting case of where even transit switches can "drop" MACs is in unicast flooding. See case number 1 in: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html?dtid=osscdc000283
0 Helpful

Ajay Raj
Level 1
Level 1
In response to Richard Burts

‎05-22-2018 01:49 AM

Thanks everyone for their reply. I have to add 2 more components here which will give a better understanding.

What if i have only 2 Nexus switches & along with Fabric interconnect & FEX module. Does the server/UCS blade packet really reach the switch? Does that can be reason why the switch mac address age out? I know FI is a L2 switch.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card