04-01-2012 11:52 PM
Hello
I have SG300-20 working in Layer3 mode
VLAN1 is not used
Internet gateway is in VLAN211
Clients are in other VLANs
Switch is default gateway for clients and itself has internet gateway as default route.
MAC address of switch is XX:XX:XX:XX:XX:63
When a client sends traffic to the Internet, the destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
But in incoming packets the source MAC address is XX:XX:XX:XX:XX:69
Why does it change? And how can I set up the switch to use only the XX:XX:XX:XX:XX:63 MAC address?
04-11-2012 07:29 AM
I have completed the test and found that it does change as expected. When using the switch for layer3 routing, with or without it as your default gateway, this will happen.
I tested from two different VLANs in two different ways and each time I pinged through the switch to another subnet the source MAC on the return packet was different on the last two. This is caused because the return traffic is going through a different interface on the switch.
At this time there is not an option to change this.
04-03-2012 08:31 AM
Hi Alexandr,
I wonder if ARP proxy is enabled on your switch?
regards Dave
04-04-2012 02:18 AM
Hello Dave
No, ARP Proxy is NOT enabled on my switch, I've checked.
It was not enabled by default and I never enabled it.
04-10-2012 11:12 PM
04-11-2012 06:40 AM
Hello Alexandr,
I have a feeling the source MAC is changing since the traffic would be coming from a different interface. I would like to confirm this and will do a quick test on my end as soon as I get wireshark installed. I will update you with results.
04-11-2012 07:13 AM
Hello Alexandr,
I am not able to read the XML files in the zip file. Is there any way you can save the Wireshark capture as a .pcap?
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
04-11-2012 09:22 PM
04-11-2012 09:56 PM
Hello, Robert.
Many thanks for your help.
But I'm a little confused, because I've got some programs that also work slightly off-standard. They send the initial packet to the router MAC address from the ARP table and the following packets to the router MAC address extracted from the incoming packet. And because the MAC address in the incoming packet is different from the real switch MAC, the following packets are lost.
Will there be any fixes for the switch firmware to use only the real MAC or to accept packets with the "virtual" switch MAC?
04-12-2012 07:12 AM
Alexandr,
This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?
04-12-2012 10:58 PM
Robert Cater wrote:
Alexandr,
This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?
Is this normal for all switches working in layer 3 or only for the Small Business 300 series? Maybe replacing it with another model will help?
No, I think the application vendor uses MAC address inspection for ARP spoofing attack avoidance.
04-13-2012 06:05 AM
This is how it works for all the current small business model switches that do layer 3. I can not speak for our enterprise level switches though as I do not have one available for testing.
04-14-2012 04:53 AM
Robert
Many thanks for your help.
09-19-2013 02:17 AM
Hi Robert,
I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
Thanks,
Chris
09-19-2013 08:17 AM
Hi Christian, I am assuming this is not being seen between 2 interfaces of the same VLAN?
May be related to bug
If you need support for this, please call the small business support center.
-Tom
Please mark answered for helpful posts
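The MAC inspection discussed in this thread can tolerate the switch's per-interface source addresses without giving up the ARP spoofing check. The sketch below is an added example, not code from any poster or from Cisco: it accepts a source MAC that is either the ARP-resolved base address or falls in a small window above it, and always returns the ARP-resolved address as the next hop, since the thread reports that the switch only forwards frames sent to its base MAC. The window size (20, for an SG300-20), the same-OUI check and all MAC values are constructed assumptions.

```python
def mac_to_int(mac: str) -> int:
    """Convert 'aa:bb:cc:dd:ee:ff' to a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int.from_bytes(bytes(int(o, 16) for o in octets), "big")

def frame_source(frame: bytes) -> int:
    """Source MAC of a raw Ethernet II frame (bytes 6..11)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return int.from_bytes(frame[6:12], "big")

def classify_source(frame: bytes, arp_mac: str, window: int) -> str:
    """Compare a frame's source MAC with the gateway MAC learned via ARP.

    'base'       source equals the ARP-resolved address
    'interface'  same OUI and 1..window above the base (assumed layout
                 of the per-port addresses described in the thread)
    'unexpected' anything else, i.e. a candidate for a spoofing alert
    """
    base, src = mac_to_int(arp_mac), frame_source(frame)
    if src == base:
        return "base"
    same_oui = (src >> 24) == (base >> 24)
    if same_oui and 0 < src - base <= window:
        return "interface"
    return "unexpected"

def next_hop_mac(frame: bytes, arp_mac: str, window: int) -> str:
    """Destination MAC for follow-up packets: always the ARP entry,
    never the source MAC copied from the incoming frame."""
    if classify_source(frame, arp_mac, window) == "unexpected":
        raise ValueError("source MAC does not belong to the gateway")
    return arp_mac

def make_frame(dst: str, src: str) -> bytes:
    """Build a constructed IPv4 Ethernet frame with an empty payload."""
    raw = lambda m: mac_to_int(m).to_bytes(6, "big")
    return raw(dst) + raw(src) + b"\x08\x00" + b"\x00" * 20

HOST = "02:00:00:00:10:01"     # constructed client address
GATEWAY = "02:00:00:00:00:48"  # constructed base MAC, as learned via ARP

if __name__ == "__main__":
    for src in ("02:00:00:00:00:48", "02:00:00:00:00:4d", "02:00:00:00:00:90"):
        print(src, classify_source(make_frame(HOST, src), GATEWAY, 20))
```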