Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
3
Helpful
4
Replies

Switches discovering MAC Address of Routers

Go to solution
gic1
Level 1
Level 1

‎08-21-2023 02:30 PM

If a switch learns the mac address of a device connected to its port when it receives a frame, why does the switch automatically learn the MAC address of this router? Without it receiving an arp request and responding to the switch?

Labels:
Preview file
22 KB
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎08-21-2023 03:55 PM

Hi @gic1 

This is probably due the switch sending out STP BPDU every 2 seconds by default.

View solution in original post

Go to solution
David Ruess
VIP
VIP

‎08-21-2023 04:25 PM

In addition to what @Flavio Miranda said by default CISCO enables CDP which sends information on the wire. When an interface is up and connected its very rate that there is NOT any traffic passing. Even if you don't configure anything there is defaults running in the  background.

-David

View solution in original post

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-21-2023 04:53 PM

As both @Flavio Miranda and @David Ruess have written, often there's "background" frames that a host sends out, without being explicitly requested.

David's example, CDP, and perhaps LLDP, would be likely the most common on-going, non-requested frames, being generated by the router's interface.

Flavio's example, for a router L3 port, probably wouldn't apply, but would if the router were a switch.  (Switches also usually have other background frames being sent out, which on a router's port, are often counted as "unknown protocol" packets.)

When the router's port first comes on-line, if it has an IP address, it might also do a gratuitous ARP.

What you might try, for an experiment, is ACL block all outbound traffic on that interface, log it, and see whether switch still acquires the MAC and/or what the ACL logging shows.

View solution in original post

4 Replies 4

Go to solution
Flavio Miranda
VIP
VIP

‎08-21-2023 03:55 PM

Hi @gic1 

This is probably due the switch sending out STP BPDU every 2 seconds by default.

Go to solution
David Ruess
VIP
VIP

‎08-21-2023 04:25 PM

In addition to what @Flavio Miranda said by default CISCO enables CDP which sends information on the wire. When an interface is up and connected its very rate that there is NOT any traffic passing. Even if you don't configure anything there is defaults running in the  background.

-David

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-21-2023 04:53 PM

As both @Flavio Miranda and @David Ruess have written, often there's "background" frames that a host sends out, without being explicitly requested.

David's example, CDP, and perhaps LLDP, would be likely the most common on-going, non-requested frames, being generated by the router's interface.

Flavio's example, for a router L3 port, probably wouldn't apply, but would if the router were a switch.  (Switches also usually have other background frames being sent out, which on a router's port, are often counted as "unknown protocol" packets.)

When the router's port first comes on-line, if it has an IP address, it might also do a gratuitous ARP.

What you might try, for an experiment, is ACL block all outbound traffic on that interface, log it, and see whether switch still acquires the MAC and/or what the ACL logging shows.

Go to solution
gic1
Level 1
Level 1

‎08-22-2023 05:56 AM

Thank you all for your responses. I appreciate it!

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card