- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 02:30 PM
If a switch learns the mac address of a device connected to its port when it receives a frame, why does the switch automatically learn the MAC address of this router? Without it receiving an arp request and responding to the switch?
Solved! Go to Solution.
- Labels:
-
LAN Switching
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 03:55 PM
Hi @gic1
This is probably due the switch sending out STP BPDU every 2 seconds by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 04:25 PM
In addition to what @Flavio Miranda said by default CISCO enables CDP which sends information on the wire. When an interface is up and connected its very rate that there is NOT any traffic passing. Even if you don't configure anything there is defaults running in the background.
-David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 04:53 PM
As both @Flavio Miranda and @David Ruess have written, often there's "background" frames that a host sends out, without being explicitly requested.
David's example, CDP, and perhaps LLDP, would be likely the most common on-going, non-requested frames, being generated by the router's interface.
Flavio's example, for a router L3 port, probably wouldn't apply, but would if the router were a switch. (Switches also usually have other background frames being sent out, which on a router's port, are often counted as "unknown protocol" packets.)
When the router's port first comes on-line, if it has an IP address, it might also do a gratuitous ARP.
What you might try, for an experiment, is ACL block all outbound traffic on that interface, log it, and see whether switch still acquires the MAC and/or what the ACL logging shows.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 03:55 PM
Hi @gic1
This is probably due the switch sending out STP BPDU every 2 seconds by default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 04:25 PM
In addition to what @Flavio Miranda said by default CISCO enables CDP which sends information on the wire. When an interface is up and connected its very rate that there is NOT any traffic passing. Even if you don't configure anything there is defaults running in the background.
-David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2023 04:53 PM
As both @Flavio Miranda and @David Ruess have written, often there's "background" frames that a host sends out, without being explicitly requested.
David's example, CDP, and perhaps LLDP, would be likely the most common on-going, non-requested frames, being generated by the router's interface.
Flavio's example, for a router L3 port, probably wouldn't apply, but would if the router were a switch. (Switches also usually have other background frames being sent out, which on a router's port, are often counted as "unknown protocol" packets.)
When the router's port first comes on-line, if it has an IP address, it might also do a gratuitous ARP.
What you might try, for an experiment, is ACL block all outbound traffic on that interface, log it, and see whether switch still acquires the MAC and/or what the ACL logging shows.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2023 05:56 AM
Thank you all for your responses. I appreciate it!