SG300 inter-VLAN routing and MAC address changes in incoming packets

Answered Question
Apr 1st, 2012
User Badges:

Hello


I have SG300-20 working in Layer3 mode

VLAN1 is not used

Internet gateway is in VLAN211

Clients are in other VLANs

Switch is default gateway for clients and itself has internet gateway as default route.

MAC address of switch is XX:XX:XX:XX:XX:63

When a client sends traffic to the Internet, the destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63

But in incoming packets the source MAC address is XX:XX:XX:XX:XX:69


Why does it change? And how can I set up the switch to use only the XX:XX:XX:XX:XX:63 MAC address?

David Hornstein Tue, 04/03/2012 - 08:31
User Badges:
  • Gold, 750 points or more

Hi Alexandr,


I wonder if arp proxy is enabled on your switch ?


regards Dave


alexandrfedchenko Wed, 04/04/2012 - 02:18
User Badges:

Hello Dave


No, ARP Proxy is NOT enabled on my switch, I have checked.

It was not enabled by default and I never enabled it.

alexandrfedchenko Tue, 04/10/2012 - 23:12
User Badges:

Here are ping packets captured by Wireshark when pinging the switch itself (192.168.1.210) and an outside address.

In the incoming Ethernet frame for the second ping, the MAC address of the switch is changed.

Attachment: 
rocater Wed, 04/11/2012 - 06:40
User Badges:
  • Bronze, 100 points or more

Hello Alexandr,


I have a feeling the source MAC is changing since the traffic would be coming from a different interface. I would like to confirm this and will do a quick test on my end as soon as I get wireshark installed. I will update you with results.

rmanthey Wed, 04/11/2012 - 07:13
User Badges:
  • Bronze, 100 points or more

Hello Alexandr,


I am not able to read the xml files in the zip file. Is there any way you can save the Wireshark capture as a .pcap?




Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

Correct Answer
rocater Wed, 04/11/2012 - 07:29
User Badges:
  • Bronze, 100 points or more

I have completed the test and found that it does change as expected. When using the switch for layer3 routing, with or without it as your default gateway, this will happen.


I tested from two different VLANs in two different ways, and each time I pinged through the switch to another subnet the source MAC on the return packet was different in the last two digits. This is because the return traffic is going through a different interface on the switch.


At this time there is not an option to change this.

alexandrfedchenko Wed, 04/11/2012 - 21:56
User Badges:

Hello, Robert.


Many thanks for your help.


But I'm a little confused, because I have some programs that also work slightly outside the standard. They send the initial packet to the router MAC address from the ARP table and the following packets to the router MAC address extracted from the incoming packet. And because the MAC address in the incoming packet is different from the real switch MAC, the following packets are lost.


Will there be a fix in the switch firmware to use only the real MAC, or to accept packets sent to the "virtual" switch MAC?

rocater Thu, 04/12/2012 - 07:12
User Badges:
  • Bronze, 100 points or more

Alexandr,


This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?

alexandrfedchenko Thu, 04/12/2012 - 22:58
User Badges:

Robert Cater wrote:


Alexandr,


This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?

Is this normal for all switches working in layer 3, or only for the Small Business 300 series? Maybe replacing it with another model will help?


No, I think application vendor uses MAC addresses inspection for ARP spoofing attack avoidance.
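The two posts above describe the trap: the application trusts the source MAC of inbound frames as "the gateway", while the SG300 answers with a different per-port MAC than the one in the ARP table. The script below is an added diagnostic, not code from the thread or from Cisco; it runs over a constructed set of captured frames (placeholder MACs standing in for the XX:XX:XX:XX:XX:63/69 values) and sorts every MAC used by gateway-forwarded traffic into "matches ARP", "same device, different port" (a labelled heuristic: same OUI and within a small address window of the ARP entry), or "foreign", so an administrator can tell this switch behaviour apart from an actual ARP-spoofing attempt before an application alarms on it.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not the thread's real capture): the host's subnet,
# its ARP entry for the default gateway, and a few inbound frames it received.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
GATEWAY_IP = "192.168.1.210"
ARP_TABLE = {GATEWAY_IP: "00:11:22:33:44:63"}  # placeholder for XX:XX:XX:XX:XX:63

# (src_mac, src_ip, dst_ip) of frames captured on the host
CAPTURED_FRAMES = [
    ("00:11:22:33:44:63", "192.168.1.210", "192.168.1.50"),  # echo reply from the switch itself
    ("00:11:22:33:44:69", "8.8.8.8", "192.168.1.50"),        # routed reply, other switch port
    ("00:11:22:33:44:6D", "10.0.5.7", "192.168.1.50"),       # routed reply from another VLAN
    ("de:ad:be:ef:00:01", "8.8.4.4", "192.168.1.50"),        # unrelated OUI: investigate
    ("aa:bb:cc:dd:ee:02", "192.168.1.51", "192.168.1.50"),   # local peer, not via gateway
]


def via_gateway(src_ip):
    """A frame from the gateway IP or from off-subnet must have been forwarded by the gateway."""
    return src_ip == GATEWAY_IP or ipaddress.ip_address(src_ip) not in LOCAL_NET


def gateway_macs(frames):
    """Map each source MAC seen on gateway-forwarded frames to the source IPs it carried."""
    seen = defaultdict(set)
    for src_mac, src_ip, _dst_ip in frames:
        if via_gateway(src_ip):
            seen[src_mac.lower()].add(src_ip)
    return seen


def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)


def classify(mac, arp_mac, window=16):
    """Heuristic (an assumption, not a vendor rule): a MAC with the same OUI and within
    `window` addresses of the ARP entry is treated as another port of the same device."""
    mac, arp_mac = mac.lower(), arp_mac.lower()
    if mac == arp_mac:
        return "arp"
    if mac[:8] == arp_mac[:8] and abs(mac_to_int(mac) - mac_to_int(arp_mac)) < window:
        return "same-device"
    return "foreign"


def audit(frames, arp_table=ARP_TABLE):
    """Return {mac: (verdict, sorted source IPs)} for every MAC used by gateway-forwarded traffic."""
    arp_mac = arp_table[GATEWAY_IP]
    return {mac: (classify(mac, arp_mac), sorted(ips)) for mac, ips in gateway_macs(frames).items()}
```

An application that treats any mismatch with the ARP entry as spoofing would alarm on the two "same-device" rows, which is exactly the false positive the thread is describing.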

rocater Fri, 04/13/2012 - 06:05
User Badges:
  • Bronze, 100 points or more

This is how it works for all the current small business model switches that do layer 3. I cannot speak for our enterprise level switches though, as I do not have one available for testing.

candritzky Thu, 09/19/2013 - 02:17
User Badges:

Hi Robert,


I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.


When connected to an SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e.g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e.g. XX:XX:XX:XX:XX:49 as the MAC destination address.


Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.


Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.


Thanks,
Chris

Tom Watts Thu, 09/19/2013 - 08:17
User Badges:
  • Green, 3000 points or more

Hi Christian, I am assuming this is not being seen between 2 interfaces of the same VLAN?

May be related to bug CSCub82382.


If you need support for this, please call the small business support center.



-Tom
Please mark answered for helpful posts

candritzky Thu, 09/19/2013 - 23:29
User Badges:

Hi Tom,


I can't open the bug you mentioned. It tells me I have "Insufficient Permissions to View Bug".


Yes, this issue is not seen when we use the SG300 as a simple layer-2 switch. But we want to use the layer-3 routing features between two (or more) VLANs.


Chris
