Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
5
Helpful
4
Replies

Preserving mac addresses from branch location

Go to solution
jstewart33
Level 1
Level 1

‎04-21-2009 07:11 AM - edited ‎03-04-2019 04:27 AM

We brought a branch location online awhile back via a site to site T1 and a couple of 1841s. Everything is running great, but a problem I'm having is that the branch location client's mac address is showing up in my firewall logs as the mac for the 1841 FastEthernet interface on the Headquarters side. I would like to be able to preserve the clients mac addresses so that they show up in the firewall logs correctly. Thanks for the help

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-21-2009 08:54 AM

Jerrod

mac-addresses are not preserved across L3 hops so unless your branch is connected to the HQ site with a L2 link which would also mean the 1841 routers on either side would have to be bridging the connection, then you won't be able to preserve the mac-address.

So when the packets arrive at HQ and are sent from the 1841 to your firewall the src mac-address will always be the 1841 fast ethernet interface. The src IP will obviously be the client.

This is normal TCP/IP behaviour.

Jon

View solution in original post

4 Replies 4

Go to solution
lamav
Level 8
Level 8

‎04-21-2009 08:11 AM

Hi:

It seems as though proxy arp is enabled on your router's LAN interface.

HTH

Victor

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-21-2009 08:54 AM

Jerrod

mac-addresses are not preserved across L3 hops so unless your branch is connected to the HQ site with a L2 link which would also mean the 1841 routers on either side would have to be bridging the connection, then you won't be able to preserve the mac-address.

So when the packets arrive at HQ and are sent from the 1841 to your firewall the src mac-address will always be the 1841 fast ethernet interface. The src IP will obviously be the client.

This is normal TCP/IP behaviour.

Jon

Go to solution
lamav
Level 8
Level 8
In response to Jon Marshall

‎04-21-2009 09:38 AM

Wow, I read the post back asswards...:-)

Sorry, been a rough week. ..

Jon, naturally, is 100% correct. The source and destination IP addresses are always preserved, but the MAC-addresses are re-written by each forwarding device on a hop-by-hop basis.

Sheeew..that was bad one!

Jon, as a conciliatory gesture for being so stupid, I rated your post ;-)

Victor

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to lamav

‎04-21-2009 11:59 AM

Victor

No problem, i figured you just misread the question. You could trawl through my posts and find some really bad answers :-)

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card