Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1150
Views
0
Helpful
7
Replies

L3 switch VLAN mac address responding instead of PC mac address

Go to solution
insccisco
Level 1
Level 1

‎11-12-2008 10:09 AM - edited ‎03-06-2019 02:26 AM

I have a 3750 L3 and a 3550 which is connected (trunk) to the 3750.

All the VLANs are configured on the 3750.

When I ping a PC connected to the 3550 from insde the 3550, I get replies all good but the mac address which is returned is not the PC one.

I researched a bit and the mac address that the 3550 returns for the PC actually belongs to a VLAN configured at the 3750. This VLAN is not even the VLAN that the PC belongs to.

Is this the expected behavior?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to insccisco

‎11-12-2008 11:58 AM

Yes, this is eactly what Rick and myself were describing. If the 3550 has an interface in vlan 2 which is up/up then to all intents and purposes this is the management vlan.

For the 3550 to ping a PC in vlan 13 it has to send it to the it's default-gateway which will be the vlan 2 interface on the 3750.

Jon

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎11-12-2008 12:05 PM

Angel

One other point might be helpful. Remember that there are 2 places on the 3550 where you look and find MAC addresses. The layer 2 forwarding table (mac-address-table or cam depending on which switch platform) associates the MAC address of a device with the port it is connected to - and that is not what you are seeing. When you do show arp on a layer 2 switch you see IP addresses and MAC addresses that have been accessed from the management interface of the switch. The MAC that you see in the arp table is the MAC through which you send IP and it would be the MAC of the VLAN 2 interface on the 3750.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-12-2008 10:20 AM

Which vlan is the management vlan of the 3550 in ie. if you do a "sh ip int br" on the 3550 is there a vlan interface that is up/up ?

If so is the mac-address you are getting back when you ping the PC the mac-address of the management vlan SVI on the 3750.

Jon

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎11-12-2008 10:25 AM

Angel

If we knew a few more details (especially what VLAN the PC is in and what is the management VLAN of the 3550) we would be able to give a better answer. But it is likely that what you are seeing is quite normal expected behavior.

If you ping from the 3550 then the ping is source from the management address in the management VLAN of the 3550. Assuming that the destination PC is in a different VLAN then the ping is sent to the layer 3 interface on the 3750 for the management VLAN. The 3750 forwards to the VLAN where the PC is located and to the PC. The PC response is sent to its gateway, which probably is the layer 3 interface on the 3750 for that VLAN. The 3750 then forwards to the layer 3 interface for the managemenet VLAN and then to the 3550.

It is a general principle of forwarding that the layer 3 addressing stays the same from source device to destination device but that the layer 2 addressing is re-written at each device that must make a layer 3 forwarding decision.

So the mac address in the response coming to the 3550 is the mac address of the layer 3 on the 3750 that forwarded to the 3550.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
insccisco
Level 1
Level 1
In response to Richard Burts

‎11-12-2008 11:36 AM

This makes tons of sense guys.

The topology is as follows: 2 perimeter Routers doing HSRP, one core switch, the 3750 and one 3550 trunked to the 3750. There are 15 vlans (vlan2 to vlan 16) configured on the 3750.

I dont know much about VLAN management, so one was never really setup. Both switches have vlan1 configured with no ip address and shutdown.

Vlans 2 thru 16 are very active. The 3750, as you might guess, can be accessed just about from any VLAN and the 3550's IP is one that belongs to VLAN2.

Will VLAN2, then, be considered the 3550's management VLAN?

When we ping the PC (10.10.13.101) which belongs to VLAN13 (PC is physically connected to port16 on the 3550) from the 3550, we get successful replies. But, on the same 3550, when I do a "sh arp | i 10.10.13.101", the mac address I get is not the PCs; instead it is the mac address that belongs to VLAN 2

So, based on your comments, is this the reason why I am seeing this behavior?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to insccisco

‎11-12-2008 11:58 AM

Yes, this is eactly what Rick and myself were describing. If the 3550 has an interface in vlan 2 which is up/up then to all intents and purposes this is the management vlan.

For the 3550 to ping a PC in vlan 13 it has to send it to the it's default-gateway which will be the vlan 2 interface on the 3750.

Jon

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎11-12-2008 12:05 PM

Angel

One other point might be helpful. Remember that there are 2 places on the 3550 where you look and find MAC addresses. The layer 2 forwarding table (mac-address-table or cam depending on which switch platform) associates the MAC address of a device with the port it is connected to - and that is not what you are seeing. When you do show arp on a layer 2 switch you see IP addresses and MAC addresses that have been accessed from the management interface of the switch. The MAC that you see in the arp table is the MAC through which you send IP and it would be the MAC of the VLAN 2 interface on the 3750.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
insccisco
Level 1
Level 1
In response to Richard Burts

‎11-13-2008 10:54 AM

It now makes even mor sense than before... this is sexy info :)

thank you guys for the Knowledge.

Looks like this is the expected behavior...

now, with regards to Management VLANs, as I mentioned before, the 3550 has an IP address which is part of VLAN2. I recognize this is a pain because, for example, every time I create a VPN group so outside consultants can access the servers in VLAN2, I have to do extra work on the access lists to make sure they have no access (intentionally or unintentionally) to the 3550 IP address and also to the 3750.

What do you recommend for this?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to insccisco

‎11-13-2008 11:45 AM

Angel

The standard recommendation is to use a vlan for managing your switches that does not have any user or server/printer etc. ports in it. So you only have switch interfaces in this vlan.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card