
About MAC address duplication.

speculor_cisco
Level 1

In the "ccnp switch 642-813 official certification guide" by David Hucaby, you can find:

"Exactly what happens when a host’s MAC address is learned on one switch port, and then the host moves so that it appears on a different switch port? Ordinarily, the host’s original CAM table entry would have to age out after 300 seconds, while its address was learned on the new port. To avoid having duplicate CAM table entries, a switch purges any existing entries for a MAC address that has just been learned on a different switch port. This is a safe assumption because MAC addresses are unique, and a single host should never be seen on more than one switch port unless problems exist in the network."

I wondered if this is true only if the two ports belong to the same VLAN. If the two ports belong to two different VLANs, it may be that it is not possible for the switch to realize the duplication. Somewhere you can read:

"Table lookups are done with efficient search algorithms. A key is created to compare the frame to the table content. The destination MAC address and VLAN ID of a frame would constitute the key for Layer 2 table lookup. This key is fed into a hashing algorithm, which produces a pointer into the table. The system uses the pointer to access a smaller specific area of the table without requiring a search of the entire table."

If this is the firmware, it seems that it is not possible to realize a duplication in different VLANs. If instead the firmware is a little more intelligent, it would be possible. What happens in the real world?

Thanks.

Accepted Solutions

lgijssel
Level 9

If you think about it thoroughly, you can see there is no real requirement for mac's to be globally unique.

This requirement is only within VLANs or, better said, layer 2 domains.

Protocols like for example HSRP make use of this by utilizing a virtual mac which is related to the group number.

You will see that an HSRP-group uses the same mac in different vlans and it works.

Only making inappropriate layer2 connections between such layer2 domains will cause problems.

regards,

Leo

Hello Leo and thanks for your answer.

For now, I was only concerned about dynamic MAC addresses learned from normal PCs.

I would like to know if the switch checks duplication only in the same VLAN.

Sorry Leo, but only now I have realized that your answer is probably exhaustive.

I had some doubts because I was not sure about the way a switch learns MAC addresses in HSRP scenarios.

I do not know why but I was thinking that it was possible to have static entries.

In other words, you say that, as in an HSRP scenario it is possible that a Layer 2 access switch has a MAC address of a Layer 3 distribution switch (the gateway for all PCs attached to the access switch) under different VLANs and that this MAC address was learned in the exact same way as if it belonged to a normal PC, this fact confirms that the duplication check is not done between different VLANs.

Can you confirm your tip?

Thanks.

Yes, you are right.

Keep in mind that a layer2 switch always needs a mac table to operate efficiently.

An ip default gateway is also a layer3 device connected to the vlan so it has a mac address which is in the switch table.

With hsrp they are doing a trick with the mac address to allow redundancy.

I have attached a document with additional info on hsrp, hope this helps to clarify things.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#topic3

regards,

Leo

Hello Leo and thanks for your confirmation.

hobbe
Level 7

As I understand your question:

If you have a switch with 2 VLANs and in both of the two VLANs there is a computer with the same MAC address, will it purge one of them, or will it separate the MAC address table and have two instances, one for each VLAN, or what will happen?

I am not sure how it works; it should respond with a MAC address flapping error, and depending on how you handle that the switch should do something.

It would not surprise me if it handles it differently depending on make and model of the switch.

I will try to give it a testspin during the weekend and get back here..


Hello Hobbe and thanks for your answer.

What do you think about my last post sent to Leo?

Do you think that the tip from Leo resolves the question?

I will check this up and see what happens and how it looks and I will post it back to you.

nothing like empirical evidence. ;-)

results are in..

Results: both computers in the same VLAN with identical MAC addresses, VLAN 1 = native VLAN

Switch#sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All    ffff.ffff.ffff    STATIC      CPU
   1    88ae.1d7a.a193    DYNAMIC     Gi2/0/11
Total Mac Addresses for this criterion: 21

and

Switch#sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All    ffff.ffff.ffff    STATIC      CPU
   1    88ae.1d7a.a193    DYNAMIC     Gi2/0/12
Total Mac Addresses for this criterion: 21

Logging states

*Mar  1 01:48:24.736: %SW_MATM-4-MACFLAP_NOTIF: Host 88ae.1d7a.a193 in vlan 1 is flapping between port Gi2/0/11 and port Gi2/0/12

********************************************************

Results: one computer in VLAN 2 and the other in VLAN 3 with identical MAC addresses.

Switch#sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
-------------------------------------------
All    ffff.ffff.ffff    STATIC      CPU
   2    88ae.1d7a.a193    DYNAMIC     Gi2/0/1
   3    88ae.1d7a.a193    DYNAMIC     Gi2/0/3

No logging of MAC address flapping.

*******************************************************

So the answer to your original question is

If two MAC addresses are identical but reside in different VLANs, the switch will not alert that there are two identical MAC addresses.

If two MAC addresses are identical in the same VLAN, the switch will only learn one at a time and it will flap between the different interfaces it is shown upon.

HTH
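
The behaviour shown in the test results above, as an added sketch that is not part of the original thread and not Cisco's implementation: a toy MAC table keyed on (VLAN, MAC), where a move within one VLAN replaces the entry and repeated moves produce a flap message, while the same MAC in two VLANs gives two independent entries and no message. The flap threshold and window are assumed values, and the frame lists are constructed sample traffic.

```python
from collections import defaultdict

FLAP_THRESHOLD = 3   # assumed: port moves inside the window before a flap is logged
FLAP_WINDOW = 10.0   # assumed: window length in seconds


class CamTable:
    """Toy MAC table; the lookup key is (VLAN, MAC), as in the quoted text."""

    def __init__(self):
        self.entries = {}               # (vlan, mac) -> port
        self.moves = defaultdict(list)  # (vlan, mac) -> timestamps of port moves
        self.log = []                   # flap messages

    def learn(self, vlan, mac, port, now):
        """Learn the source MAC of a frame seen on `port` in `vlan` at time `now`."""
        key = (vlan, mac.lower())
        old = self.entries.get(key)
        self.entries[key] = port        # the new port replaces (purges) the old entry
        if old is None or old == port:
            return
        recent = [t for t in self.moves[key] if now - t <= FLAP_WINDOW] + [now]
        self.moves[key] = recent
        if len(recent) >= FLAP_THRESHOLD:
            self.log.append(f"Host {key[1]} in vlan {vlan} is flapping "
                            f"between port {old} and port {port}")
            self.moves[key] = []        # start counting again after reporting

    def ports_for(self, mac):
        """Every (vlan, port) pair where `mac` is currently learned."""
        mac = mac.lower()
        return sorted((v, p) for (v, m), p in self.entries.items() if m == mac)


def replay(frames):
    """Feed (time, vlan, mac, port) tuples into a fresh table and return it."""
    cam = CamTable()
    for now, vlan, mac, port in frames:
        cam.learn(vlan, mac, port, now)
    return cam


MAC = "88ae.1d7a.a193"
# Constructed traffic: two hosts with the same MAC take turns sending frames.
SAME_VLAN = [(float(i), 1, MAC, "Gi2/0/11" if i % 2 == 0 else "Gi2/0/12")
             for i in range(6)]
DIFF_VLAN = [(float(i), 2 if i % 2 == 0 else 3, MAC,
              "Gi2/0/1" if i % 2 == 0 else "Gi2/0/3") for i in range(6)]

if __name__ == "__main__":
    for name, frames in (("same VLAN", SAME_VLAN), ("different VLANs", DIFF_VLAN)):
        cam = replay(frames)
        print(name, cam.ports_for(MAC), cam.log)
```

Because the key includes the VLAN, a duplicate MAC in another VLAN never touches the existing entry, so finding such duplicates means comparing the table across VLANs (as `ports_for` does) rather than waiting for a flap message.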

Hello hobbe and thanks for your good work.
