Solved: Re: MAC addresses of a switch attached to VLANs - generic questi

hostettle · ‎03-21-2013

Hello,

I'm going to try to be clear.

It seems that the MAC addresses of switches are either attached to a port or to a VLAN.

In the case of a MAC address is attached to a VLAN, it is in fact attached to all ports that participate to the VLAN.

For example, if the management port is declared in VLAN #46, and if we assign only ports #3, #11 to the VLAN #46, we can manage the switch through the ports #3 and #11, and not through the other ports.

In this case, the MAC frames that include an IP datagram for the switch management have always the same MAC-DA address, whatever the port #3 or the port #11 these MAC frames are entering.

Is i correct?

Have you some comments?

Best regards,

Michel

Giuseppe Larosa · ‎03-21-2013

Hello Michel,

your understanding is correct, because the destination MAC address is that associated to SVI L3 interface Vlan46 in your example.

On the other hand, STP BPDU frames originated at port #3 and port #11 will be sourced with a different source MAC address the one associated to the specific L2 port. These MAC addresses belong to the MAC address ranges that in a modular switch can be seen in the output of show module.

It is likely in most platforms that all SVI interfaces defined on the switch will use the same MAC address.

In some cases where for example a FWSM firewall module is installed in a C6500 and it is used as a transparent firewall, to achieve communication between different SVIs on different VRFs the MAC address used has to be differentiated.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎03-21-2013

Hello Michel,

your understanding is correct, because the destination MAC address is that associated to SVI L3 interface Vlan46 in your example.

On the other hand, STP BPDU frames originated at port #3 and port #11 will be sourced with a different source MAC address the one associated to the specific L2 port. These MAC addresses belong to the MAC address ranges that in a modular switch can be seen in the output of show module.

It is likely in most platforms that all SVI interfaces defined on the switch will use the same MAC address.

In some cases where for example a FWSM firewall module is installed in a C6500 and it is used as a transparent firewall, to achieve communication between different SVIs on different VRFs the MAC address used has to be differentiated.

Hope to help

Giuseppe

hostettle · ‎03-21-2013

Hello Giuseppe,

Thanks for this reply

> your understanding is correct, because the destination MAC address is that associated to

> SVI L3 interface Vlan46 in your example.

So, in this case : Vlan46 <=> A specific MAC address <=> A specific IP address

> On the other hand, STP BPDU frames originated at port #3 and port #11 will be sourced

> with a different source MAC address the one associated to the specific L2 port.

It is exactly why I wanted to write this post, to clarify this opposition (...probably simple). There is at least a reason: the BPDU connectivity is a link segment connectivity that cannot go through the matrix switching of a bridge.

> It is likely in most platforms that all SVI interfaces defined on the switch will use

> the same MAC address.

Thanks fo your experience

> In some cases where for example a FWSM firewall module is installed in a C6500 and

> it is used as a transparent firewall, to achieve communication between different SVIs

> on different VRFs the MAC address used has to be differentiated.

I keep that in memory

Best regards,

Michel

MAC addresses of a switch attached to VLANs - generic question