
New Member

HSRP MAC migration


I need an idea from your expertise.

For example Switch-A is active

Switch-B is standby

Switch-C connects these two switches and Hosts

When HSRP is configured, as soon as the Active switch / its link goes down, the active MAC is taken over by the Standby switch. Hope I am correct.

During this transition period, the MAC address of Switch-A will be learnt on the fa 0/1 port of Switch-C. When Switch-A is down, the MAC address is moved to Switch-B. But the MAC address table of Switch-C still points to fa0/1. Only after the aging will it be moved to fa 0/2, where Switch-B is connected.

Hope I understood the concept in the right way. How does this actually work?


Hall of Fame Super Silver

Re: HSRP MAC migration

Hello R.B. Kumar,

Good note, I had the same thoughts when I first studied HSRP.

The device taking the role of HSRP Active sends a gratuitous ARP, and doing so it refreshes the CAM table of switches in the middle; otherwise HSRP would be useless in a switched environment.

So they now know that the VIP MAC is now on port fas0/2.

I did tests on this that confirmed this behaviour in the past.

You can use

sh mac-address-table interface fas0/1

sh mac-address-table interface fas0/2

before and after switchover

Hope to help


New Member

Re: HSRP MAC migration

Hi Giuseppe,

Thanks for your comment.

While getting this concept, suddenly I have another thought; perhaps it is very basic.

What will happen if Host-A with MAC 00:00:00:00:00:01 is connected on Fa0/1 and Host-B (attacker) connects his laptop configured with the same MAC on fa 0/2 and sends a gratuitous ARP? I know it may result in a duplicate error message. But will it erase the CAM entry of Fa0/1, and will Host-B's MAC be entered?


Hall of Fame Super Silver

Re: HSRP MAC migration

Hello R.B Kumar,

Yes, the last overrides. If this happens multiple times, error messages about too many moves of MAC xx or MAC address flapping between ports Y and Z appear.

Most MAC attacks are done to fill the CAM table with a brute force attack:

frames with random source MAC addresses are sent in an attempt to fill the CAM.

If the CAM is full, the switch will behave like a hub and the attacker can perform man-in-the-middle attacks.

Port security can protect from this type of attack.

Then, there are more intelligent attacks that use gratuitous ARP to set up a man-in-the-middle scenario. To protect from this type of attack, DAI (dynamic ARP inspection) with other features like IP source guard and DHCP snooping can be used.

Hope to help
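
The CAM behaviour discussed in this thread, as an added example that is not part of any poster's reply: a toy learning switch showing the HSRP failover move, the duplicate-MAC override, and table exhaustion, each with and without a per-port MAC limit. It is a simplified model, not Cisco's implementation: one VLAN, the limit applied to every port, and the class name, CAM size of 8, HSRP group 1, port fa0/3 and the `0200.…` addresses are all constructed for illustration.

```python
class ToySwitch:
    """Simplified learning switch: one VLAN, finite CAM, optional per-port MAC limit."""
    def __init__(self, cam_size=8, port_security_max=None):
        self.cam = {}                      # source MAC -> port it was last learned on
        self.cam_size = cam_size
        self.max_per_port = port_security_max
        self.moves = {}                    # MAC -> times its entry changed port
        self.violations = []               # (port, mac) frames dropped by the limit
    def receive(self, port, src, dst):
        """Learn src on port; return 'drop', the egress port for dst, or 'flood'."""
        known = self.cam.get(src)
        if known != port:
            if self.max_per_port is not None:
                on_port = list(self.cam.values()).count(port)
                # Modelled violation: MAC already learned elsewhere, or port at its limit.
                if known is not None or on_port >= self.max_per_port:
                    self.violations.append((port, src))
                    return "drop"
            if known is not None:
                self.moves[src] = self.moves.get(src, 0) + 1   # last frame seen wins
            if known is not None or len(self.cam) < self.cam_size:
                self.cam[src] = port       # a full table learns nothing new
        return self.cam.get(dst, "flood")  # unknown destination goes out every port

VIP = "0000.0c07.ac01"    # HSRPv1 virtual MAC, group 1 assumed
HOST = "0000.0000.0001"   # Host-A's MAC from the question
BCAST = "ffff.ffff.ffff"

def failover():
    """Switch-B's gratuitous ARP (broadcast, source = VIP MAC) repoints the CAM entry."""
    sw = ToySwitch()
    sw.receive("fa0/1", VIP, BCAST)        # Switch-A is active
    sw.receive("fa0/2", VIP, BCAST)        # Switch-B takes over
    return sw.cam[VIP], sw.moves[VIP]

def duplicate_mac(limit):
    """The same MAC appears on fa0/2 while Host-A sits on fa0/1."""
    sw = ToySwitch(port_security_max=limit)
    sw.receive("fa0/1", HOST, BCAST)
    sw.receive("fa0/2", HOST, BCAST)
    return sw.cam[HOST], sw.violations

def table_exhaustion(limit):
    """Many constructed source MACs arrive on fa0/2 before Host-A is learned on fa0/1."""
    sw = ToySwitch(cam_size=8, port_security_max=limit)
    for i in range(20):
        sw.receive("fa0/2", f"0200.0000.{i:04x}", BCAST)
    sw.receive("fa0/1", HOST, BCAST)
    return sw.receive("fa0/3", "0200.aaaa.0001", HOST)  # frame destined to Host-A
```

With `limit=None` the duplicate MAC moves the entry to fa0/2 and the exhausted table floods Host-A's traffic; with `limit=1` the entry stays on fa0/1 and the frame is forwarded only to fa0/1.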

