Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
590
Views
0
Helpful
5
Replies

Devices Connected to 3750 MDF Using Switch MAC Address

Go to solution
jmbattlemotors
Level 1
Level 1

‎02-28-2023 01:18 PM

We have a stack of Catalyst 3750 switches setup as an MDF. This stack is also the default gateway for all internal networks. The issue I'm running into is that when traffic reaches our firewall (or any other device), it shows up using the MAC address of the MDF instead of the device itself. Basically when I'm looking through my firewall traffic, it looks like everything is coming from one device because all traffic is getting sent from the gateway's MAC. Is there a way I can disable this in the Catalyst so that the MAC of the actual device is sent instead of the switch/gateway? I've never had a network use a switch as the default gateway before, so this setup is a little new for me.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to jmbattlemotors

‎03-01-2023 06:49 AM

That's expected/normal behavior.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎02-28-2023 04:28 PM

Are you saying the FW and host are all on/within the same network/L2-domain and your FW is "seeing" the gateway MAC (for that same network/L2-domain)?

If so, you would need to explain how your FW functions.

On the other hand, if your hosts and FW were in different networks/L2-domains, the gateway MAC used by your hosts would not be the same gateway MAC seen by your FW, although, yes, at the L2 level, all the traffic would have the FW's gateway MAC.

Basically, in the latter situation, the topology (logically) would be like host <> switch <> router <> switch <> FW or for an L3 switch like host <> L3 switch <> FW.

What you might be expecting is a topology like: host <> L2 switch <> FW.

If L3 switch is being used as L3 (e.g. gateways), it's logically like the switch <> router <> switch.

0 Helpful

Go to solution
jmbattlemotors
Level 1
Level 1
In response to Joseph W. Doherty

‎03-01-2023 06:34 AM

It is L3 with multiple VLANs. The MDF/switch acts as the default gateway for every VLAN we have, so it has an interface on each. We then have a static route that sends any traffic on those VLANs to our firewall and then out to the internet. So for example, VLAN20 is our wireless network. We may have a device with the IP 10.51.20.200. The gateway for that network would be 10.51.20.254 (the switch), then the next hop would be 10.51.5.245 (the firewall). So when this device reaches the firewall and I can see the traffic in the logs, it shows up with the MAC of the switch instead of the device itself.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to jmbattlemotors

‎03-01-2023 06:49 AM

That's expected/normal behavior.

0 Helpful

Go to solution
jmbattlemotors
Level 1
Level 1
In response to Joseph W. Doherty

‎03-01-2023 06:51 AM

OK, thanks for confirming. Like I said, I've never had a switch act as the gateway like this before, so this setup is new for me.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to jmbattlemotors

‎03-01-2023 07:28 AM

No problem.  Remember a L3 switch, in one device, can operate like L2 switch <> router <> L2 switch.  (When L3 switches first came on the market, it could take a bit of time to understand them [well for some of us, laugh].)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card