10-29-2010 06:48 AM - edited 03-06-2019 01:47 PM
Hello All,
I was wondering if anyone might be able to help me with this question: Why do multicast mac addresses that a switch (6509) learns by igmp snooping appear in the mac address table as 'static' mac addresses , and how do you clear them ?
Example:
vlan mac address type learn qos ports
-----+---------------+--------+-----+---+--------------------------------
130 0100.5e7f.83c8 static Yes - Po1
show mac-address-table AD 0100.5e7f.83c8
Legend: * - primary entry age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
Module 3: * 130 0100.5e7f.83c8 static Yes - Po1
Module 4: * 130 0100.5e7f.83c8 static Yes - Po1
Active Supervisor: * 130 0100.5e7f.83c8 static Yes - Po1
Standby Supervisor: * 130 0100.5e7f.83c8 static Yes - Po1
Module 7: * 130 0100.5e7f.83c8 static Yes - Po1
Module 8[FE 1]: * 130 0100.5e7f.83c8 static Yes - Po1
Module 8[FE 2]: * 130 0100.5e7f.83c8 static Yes - Po1
Module 9[FE 1]: * 130 0100.5e7f.83c8 static Yes - Po1
Module 9[FE 2]: * 130 0100.5e7f.83c8 static Yes - Po1
Despite removing the igmp snooping querier from the SVI of this vlan 130, I can't remove this mac entry - and even though it displays as static, it doesn't appear in the running config and so you can't use "no mac-address-table static".
Thanks very much in advance,
Chris.
Solved! Go to Solution.
11-02-2010 02:05 PM
Hello Chris,
I have observed that the Catalyst switches often label selected MAC addresses as static - for example, a secure MAC address, even if learned dynamically, is called static in the show mac address-table output. Similarly, the MAC addresses derived by IGMP snooping are also labeled as static. I assume that this distinction is present because normal MAC address table aging mechanisms should not apply on such addresses, and this is the way the exemption is done.
The MAC addresses derived by IGMP snooping will be removed if the subscribed stations leave the respective groups, or if the IGMP snooping is deactivated itself. You have indicated you have removed the IGMP querier configuration. That alone is not sufficient. An IGMP querier is an additional function of a switch to emit IGMP queries itself, and is used if there is no multicast-capable router in the VLAN, but it does not influence the creation of multicast MAC address entries. If you would like to remove those entries then you need to disable the IGMP snooping on that VLAN using the no ip igmp snooping vlan 130 command.
By looking on the form of the MAC address, it seems that the MAC address corresponds to one of the following 32 possible IP addresses:
224.127.131.200
224.255.131.200
225.127.131.200
225.255.131.200
...
239.127.131.200
239.255.131.200
Some stations are obviously subscribed to some of these groups - try to use the show ip igmp snooping groups and show ip igmp group commands to find out which ports and which stations are requesting the membership in one of these groups.
Best regards,
Peter
11-02-2010 02:05 PM
Hello Chris,
I have observed that the Catalyst switches often label selected MAC addresses as static - for example, a secure MAC address, even if learned dynamically, is called static in the show mac address-table output. Similarly, the MAC addresses derived by IGMP snooping are also labeled as static. I assume that this distinction is present because normal MAC address table aging mechanisms should not apply on such addresses, and this is the way the exemption is done.
The MAC addresses derived by IGMP snooping will be removed if the subscribed stations leave the respective groups, or if the IGMP snooping is deactivated itself. You have indicated you have removed the IGMP querier configuration. That alone is not sufficient. An IGMP querier is an additional function of a switch to emit IGMP queries itself, and is used if there is no multicast-capable router in the VLAN, but it does not influence the creation of multicast MAC address entries. If you would like to remove those entries then you need to disable the IGMP snooping on that VLAN using the no ip igmp snooping vlan 130 command.
By looking on the form of the MAC address, it seems that the MAC address corresponds to one of the following 32 possible IP addresses:
224.127.131.200
224.255.131.200
225.127.131.200
225.255.131.200
...
239.127.131.200
239.255.131.200
Some stations are obviously subscribed to some of these groups - try to use the show ip igmp snooping groups and show ip igmp group commands to find out which ports and which stations are requesting the membership in one of these groups.
Best regards,
Peter
11-03-2010 08:08 AM
Hi Peter, Thanks for the answer - I tried using "no ip igmp snooping" on the interface and it worked - the mac addresses cleared ! I've also changed from using the igmp snooping querier to proper pim sparse-mode. There do seem to be a few bugs associated with using the querier. The original order of events that led to my query was that : 1. the static igmp-snooped mac addresses existed, 2. the servers were disconnected, 3. even after a couple of hours the mac addresses persisted, 4. I removed the querier 5. the mac addresses still persisted. - seems possibly buggy to me. With the querier it wasn't possible to see the group but with pim configured, it does appear: Group Address Interface Uptime Expires Last Reporter Group Accounted 239.255.131.200 Vlan130 04:00:10 00:02:08 192.168.131.200 Thanks again for your help, Chris.
11-03-2010 02:05 PM
Hi Chris,
Can you please post the configuration of your device, at least the relevant parts? It would be helpful.
Best regards,
Peter
11-05-2010 07:43 AM
11-06-2010 03:27 PM
Hi Chris,
Your current configuration looks fine. It does not contain any IGMP Snooping configuration commands so it is somewhat difficult to tell whether that was configured correctly - but if this config works for you then I see no reason to change it.
I would have to do some tests with the IGMP Snooping Querier function in the lab to see if it works nicely. If you are interested, I can try to find the time for that.
Best regarsd,
Peter
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: