cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6504
Views
0
Helpful
5
Replies

Multicast mac addresses

chris.smailes
Level 1
Level 1

Hello All,

I was wondering if anyone might be able to help me with this question: Why do multicast mac addresses that a switch (6509) learns by igmp snooping appear in the mac address table as 'static' mac addresses , and how do you clear them ?

Example:

vlan  mac address    type  learn qos            ports

-----+---------------+--------+-----+---+--------------------------------

130  0100.5e7f.83c8    static  Yes          -  Po1

show mac-address-table AD 0100.5e7f.83c8

Legend: * - primary entry         age - seconds since last seen

         n/a - not available

vlan  mac address    type    learn    age              ports

------+----------------+--------+-----+----------+--------------------------

Module 3: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 4: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Active Supervisor: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Standby Supervisor: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 7: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 8[FE 1]: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 8[FE 2]: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 9[FE 1]: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Module 9[FE 2]: *  130  0100.5e7f.83c8    static  Yes          -  Po1

Despite removing the igmp snooping querier from the SVI of this vlan 130, I can't remove this mac entry - and even though it displays as static, it doesn't appear in the running config and so you can't use "no mac-address-table static".

Thanks very much in advance,

Chris.

1 Accepted Solution

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Hello Chris,

I have observed that the Catalyst switches often label selected MAC addresses as static - for example, a secure MAC address, even if learned dynamically, is called static in the show mac address-table output. Similarly, the MAC addresses derived by IGMP snooping are also labeled as static. I assume that this distinction is present because normal MAC address table aging mechanisms should not apply on such addresses, and this is the way the exemption is done.

The MAC addresses derived by IGMP snooping will be removed if the subscribed stations leave the respective groups, or if the IGMP snooping is deactivated itself. You have indicated you have removed the IGMP querier configuration. That alone is not sufficient. An IGMP querier is an additional function of a switch to emit IGMP queries itself, and is used if there is no multicast-capable router in the VLAN, but it does not influence the creation of multicast MAC address entries. If you would like to remove those entries then you need to disable the IGMP snooping on that VLAN using the no ip igmp snooping vlan 130 command.

By looking on the form of the MAC address, it seems that the MAC address corresponds to one of the following 32 possible IP addresses:

224.127.131.200

224.255.131.200

225.127.131.200

225.255.131.200

...

239.127.131.200

239.255.131.200

Some stations are obviously subscribed to some of these groups - try to use the show ip igmp snooping groups and show ip igmp group commands to find out which ports and which stations are requesting the membership in one of these groups.

Best regards,

Peter

View solution in original post

5 Replies 5

Peter Paluch
Cisco Employee
Cisco Employee

Hello Chris,

I have observed that the Catalyst switches often label selected MAC addresses as static - for example, a secure MAC address, even if learned dynamically, is called static in the show mac address-table output. Similarly, the MAC addresses derived by IGMP snooping are also labeled as static. I assume that this distinction is present because normal MAC address table aging mechanisms should not apply on such addresses, and this is the way the exemption is done.

The MAC addresses derived by IGMP snooping will be removed if the subscribed stations leave the respective groups, or if the IGMP snooping is deactivated itself. You have indicated you have removed the IGMP querier configuration. That alone is not sufficient. An IGMP querier is an additional function of a switch to emit IGMP queries itself, and is used if there is no multicast-capable router in the VLAN, but it does not influence the creation of multicast MAC address entries. If you would like to remove those entries then you need to disable the IGMP snooping on that VLAN using the no ip igmp snooping vlan 130 command.

By looking on the form of the MAC address, it seems that the MAC address corresponds to one of the following 32 possible IP addresses:

224.127.131.200

224.255.131.200

225.127.131.200

225.255.131.200

...

239.127.131.200

239.255.131.200

Some stations are obviously subscribed to some of these groups - try to use the show ip igmp snooping groups and show ip igmp group commands to find out which ports and which stations are requesting the membership in one of these groups.

Best regards,

Peter

Hi Peter, Thanks for the answer - I tried using "no ip igmp snooping" on the interface and it worked - the mac addresses cleared ! I've also changed from using the igmp snooping querier to proper pim sparse-mode. There do seem to be a few bugs associated with using the querier. The original order of events that led to my query was that : 1. the static igmp-snooped mac addresses existed, 2. the servers were disconnected, 3. even after a couple of hours the mac addresses persisted, 4. I removed the querier 5. the mac addresses still persisted. - seems possibly buggy to me. With the querier it wasn't possible to see the group but with pim configured, it does appear: Group Address    Interface                Uptime    Expires  Last Reporter  Group Accounted 239.255.131.200  Vlan130                  04:00:10  00:02:08  192.168.131.200 Thanks again for your help, Chris.

Hi Chris,

Can you please post the configuration of your device, at least the relevant parts? It would be helpful.

Best regards,

Peter

Hi Peter I've attached the relevant parts of the config as a text file as requested. Regards, Chris.

Hi Chris,

Your current configuration looks fine. It does not contain any IGMP Snooping configuration commands so it is somewhat difficult to tell whether that was configured correctly - but if this config works for you then I see no reason to change it.

I would have to do some tests with the IGMP Snooping Querier function in the lab to see if it works nicely. If you are interested, I can try to find the time for that.

Best regarsd,

Peter

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: