cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5321
Views
0
Helpful
2
Replies

The same MAC addresses appearing in multiple VLANs

Hi

 

Background

I have setup an SG300-28 as a layer 2 switch with multiple VLANs.

There are the following VLANS

1DefaultEnabledEnabled
100BT ADSL+ FirewalledStaticEnabledEnabled
200Virgin Fibre FirewalledStaticEnabledEnabled
300Tardis Backup LANStaticEnabledEnabled
500BT ADSL+ RAWStaticDisabledEnabled
600Virgin Fibre RAWStaticDisabledEnabled

 

The interface ports are all set as Access mode and are either assigned to the VLAN or left to default.

The Fibre combo port GE28 can be set as either Trunk or Access - the issue is the same.

 

I also use Fortigate Firewalls with a WAN interface, DMZ interface and LAN internal interface

The Firewall rules block any traffic from the internal interface going to or from either the WAN or LAN interface

---------------------------------------------------------------------------------

The concern.

When I look at the MAC Address Tables -> Dynamic Addresses I find that MAC addresses belonging on my

default VLAN, essential my in house LAN, are also listed as appearing on ports of multiple other VLANS

and always on the interfaces that connect to my Fortigate Firewalls that are in bridge mode to the respective vendors routers.

Not on the VLAN 300 which has devices running on it.

VLAN 1 : Interface GE28 - Fibre connection to another 6 Cisco SG300-28pp switches .

VLAN 100 : Interface GE1 - Connection to Fortigate firewall responsible for BT WAN

VLAN 200 : Interface GE13 - Connection to Fortigate firewall responsible for Virgin Fibre WAN

 

VLAN ID MAC Address Interface
VLAN 178:3e:53:41:8c:16GE28
VLAN 10078:3e:53:41:8c:16GE1
VLAN 20078:3e:53:41:8c:16GE13

 

-----------------------------------------------------------------------------------------

The Question.

How is this happening ?

What are the security implications ?

How can I prevent this ?

 

Looking forward to some assistance in resolving this headache

 

David

1 Accepted Solution

Accepted Solutions

Puneet

Thank you.

Actually the mac adddress is just an example. every mac address from my lan reappears on the VLAN 100 and VLAN 200.

To make it stop , I have had to unplug the LAN interfaces of my Fortigate 60E devices.

 

It would appear that the problem is with the Fortigate boxes.

 

The configuration is as per the diagram below, with the Fortigate 60E in

transparent mode acting as a firewall only and no internal routing between the

WAN or DMZ and the LAN.

                                                                                                                                               CISCO SG300-28

                                                                                                                                        +-------------------+

                     +-----------------+                           |----->  Server 1                           |                                  |

WAN 1 >>---|  FORTIGATE 60E    | ----->>>> DMZ +-----> Server 2               ---->   |  I/F set to VLAN 100  |

                     +--------+--------+                           |----->  Server 3                          |                                   |

                          LAN     |                                                                                                  |                                  |

                        internal  +--------------------------->>>> In house network  ---->  |    I/F  VLAN 1             |

                                                                                                                                        |                                  |

                        internal  +--------------------------->>>> In house network  ---->  |    I/F  VLAN 1             |

                          LAN     |                                                                                                 |                                   |

                     +--------+--------+                           |----->  Server 4                           |                                  |

WAN 2 >>---|  FORTIGATE 60E    | ----->>>> DMZ +-----> Server 5               ---->   |  I/F set to VLAN 200  |

                     +-----------------+                           |----->  Server 6                          |                                   |

                                                                                                                                        |                                   |

                                                                                                Computer 1          ---->   |    I/F  VLAN 1             |

                                                                                                Computer 2          ---->  |    I/F  VLAN 1              |

                                                                                                                                        +-------------------+

 

 

It appears that the Fortigate 60E sees mac addresses for Computer 1 and Computer 2 on its LAN interface

and repeats them on the DMZ interface which then makes them reappear on different ports.

This is causing delays in ARP processing as the MAC addresses are appearing as available on two

physical interfaces.

 

If anyone knows how to cure the Fortigates or any other help, I would be greatful.

 

Regards

 

David

 

View solution in original post

2 Replies 2

psandel
Cisco Employee
Cisco Employee

Hi David,

 

Hello once again. :)

 

My name is Puneet  and I am from Cisco small business support center. 

 

As per your concern kindly let us know that which device is having the MAC address 78:3e:53:41:8c:16

 

Compare it with your laptop or switch. This has to be MAC address of switch.

 

Also it has no impact on the security of the network. 

 

Regards,

Puneet Sandel

Technical Consulting Engineer-Level 2

Global CX Centers – Small Business Support

Puneet

Thank you.

Actually the mac adddress is just an example. every mac address from my lan reappears on the VLAN 100 and VLAN 200.

To make it stop , I have had to unplug the LAN interfaces of my Fortigate 60E devices.

 

It would appear that the problem is with the Fortigate boxes.

 

The configuration is as per the diagram below, with the Fortigate 60E in

transparent mode acting as a firewall only and no internal routing between the

WAN or DMZ and the LAN.

                                                                                                                                               CISCO SG300-28

                                                                                                                                        +-------------------+

                     +-----------------+                           |----->  Server 1                           |                                  |

WAN 1 >>---|  FORTIGATE 60E    | ----->>>> DMZ +-----> Server 2               ---->   |  I/F set to VLAN 100  |

                     +--------+--------+                           |----->  Server 3                          |                                   |

                          LAN     |                                                                                                  |                                  |

                        internal  +--------------------------->>>> In house network  ---->  |    I/F  VLAN 1             |

                                                                                                                                        |                                  |

                        internal  +--------------------------->>>> In house network  ---->  |    I/F  VLAN 1             |

                          LAN     |                                                                                                 |                                   |

                     +--------+--------+                           |----->  Server 4                           |                                  |

WAN 2 >>---|  FORTIGATE 60E    | ----->>>> DMZ +-----> Server 5               ---->   |  I/F set to VLAN 200  |

                     +-----------------+                           |----->  Server 6                          |                                   |

                                                                                                                                        |                                   |

                                                                                                Computer 1          ---->   |    I/F  VLAN 1             |

                                                                                                Computer 2          ---->  |    I/F  VLAN 1              |

                                                                                                                                        +-------------------+

 

 

It appears that the Fortigate 60E sees mac addresses for Computer 1 and Computer 2 on its LAN interface

and repeats them on the DMZ interface which then makes them reappear on different ports.

This is causing delays in ARP processing as the MAC addresses are appearing as available on two

physical interfaces.

 

If anyone knows how to cure the Fortigates or any other help, I would be greatful.

 

Regards

 

David