Cisco Support Community

LAN Switching/Routing == IP/MAC Stripping???

Just got back from my CCNA exam (2nd take, 837 of 849 passing, GRR!) and there were 3 questions on my exam involving routers stripping source/destination IP/MAC addresses on packets going between Switches/VLANs... I've never seen anything like this... if I had gotten one of those right, I would've passed, too! Help?!?


Re: LAN Switching/Routing == IP/MAC Stripping???


Here's a quick summary:

- source/destination IP addresses are NOT modified by either routers or switches

- routers will modify the source and destination MAC addresses when forwarding packets from one LAN interface to another

- switches will not modify the source/destination MAC addresses when switching from one interface to another within the same VLAN (even if the destination is on another switch connected to it)

- when a switch is performing layer 3 switching, it will change the source/dest MAC if the packet is being routed between VLANs (this is probably not relevant for the CCNA exam)

Hope that helps - pls rate the post if it does.


Re: LAN Switching/Routing == IP/MAC Stripping???


From a general approach: L2 addresses (MAC) are there for local communication. L3 addresses (IP) are there for end-to-end communication.

From this you can conclude that the destination IP should remain unchanged (NAT is the famous exception here), whereas from router to router the MAC address can/will change.

So usually a router will strip off the complete L2 header (including source and dest MAC) and keep IP source and destination unchanged.

An L2 LAN switch operates at L2, i.e. besides the L3 headers it will also keep the L2 headers intact.

Hope this helps! Please rate all posts.

Regards, Martin


Re: LAN Switching/Routing == IP/MAC Stripping???

I'll toss in another view ..

You must think of these kinds of questions in terms of the OSI model.

As the data comes down the stack, it gets segmented at layer 4 (remember, layer 4, segments .. large chunks).

Layer three encapsulates the segments (frequently breaking them into smaller chunks - packets) and applies the destination network address. (remember - layer three - packets).

Layer 3 passes the packets to layer 2. Layer 2 encapsulates the packet in a frame (Ethernet is usually the context, but also applies to Frame-Relay, Token-Ring, and many others).

Layer two applies the local source address, aka the "Burned In Address" (BIA), and the local destination address, the "MAC" addresses - local - meaning the same layer two domain - a VLAN - the broadcast domain. (Remember - Layer 2 - Frames).

Layer 2 passes the frame down to layer one where it is serialized and applied to the medium (copper, fiber, radio waves) as a bitstream (remember - layer 1 - bits).

The bits arrive at the local destination. If the destination is a router, then the bits are formed into a frame and handed to layer 2, if the destination MAC is for that device, the frame is stripped and the packet is handed to layer 3.

The router looks at the layer three address, if it has a destination (based on the destination layer three address compared to the router's forwarding table), the router sends the packet back to the layer 2 process for the outbound (egress) interface.

That interface re-encapsulates the packet in a frame with that interface's MAC (or layer two) address, hands it to layer one and the frame leaves that interface as bits heading for the next hop. The MAC will "always" be from the source interface that sent it.

Every layer three device in the path, except the last one, only looks at the network portion of the layer three address to see if it has a destination and an interface that can deliver the packet to that destination.

Segments(4) --> Packets(3) --> Frames(2) --> Bits(1) ---> media -->Bits(1) --> frames(2) --> packets (3)-->segments(4)(and up the stack for processing)

Switches are layer two devices, really just big multi-port bridges. Think of a bridge as a device that keeps the local traffic local to the collision domain ... and provides a path to other collision domains. It doesn't change anything, it just repeats the traffic to other collision domains (still propagates broadcasts & multicasts, will flood any unknown MAC addresses). Bridges (switches) terminate collision domains at every port.

Hubs are layer one devices (ala multi-port transceivers). Hubs just clock in pulses (bits) in one interface, and clock 'em out on the others. It doesn't care about layer two or layer three ... or any other layer ... it's a layer one device, it just does bits ... like an active chunk of wire ... it emulates a chunk of cabling, it has the same capability as a chunk of cable, no more, no less, that's it.

All of this is much easier with diagrams. Hopefully with (at least) three explanations, you'll be able to get your head around it and make it over the top next time.

Good Luck
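The behaviour described in the replies above, as an added example that is not part of the original thread: a frame is built byte by byte, passed through an L2 switch (bytes untouched), then through a router (L2 header stripped and rebuilt, IP addresses kept). The topology, MAC/IP values, interface names and function names are all constructed for illustration; the TTL decrement and checksum update are standard IPv4 forwarding behaviour that the thread does not discuss.

```python
import ipaddress, struct

def mac(s): return bytes.fromhex(s.replace(":", ""))

def ip_checksum(hdr20):
    total = sum(struct.unpack("!10H", hdr20))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b"hello", ttl=64):
    # Ethernet II + minimal IPv4 header; protocol 253 is reserved for experiments
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 253, 0,
                    ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    h = h[:10] + struct.pack("!H", ip_checksum(h)) + h[12:]
    return dst_mac + src_mac + b"\x08\x00" + h + payload

def parse(frame):
    return {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": str(ipaddress.IPv4Address(frame[26:30])),
            "dst_ip": str(ipaddress.IPv4Address(frame[30:34])), "ttl": frame[22]}

def l2_switch(frame, in_port, mac_table):
    mac_table[frame[6:12]] = in_port          # learn where the source MAC lives
    return mac_table.get(frame[0:6]), frame   # port None = flood; bytes untouched

def router(frame, ifaces, routes, neighbors):
    if frame[0:6] not in ifaces.values() or frame[22] <= 1:
        return None                            # not for this router, or TTL expired
    pkt = bytearray(frame[14:])                # strip the whole L2 header
    pkt[8] -= 1                                # TTL (and so the checksum) changes per hop
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ip_checksum(bytes(pkt[:20])))
    dst = ipaddress.IPv4Address(bytes(pkt[16:20]))
    hits = [net for net in routes if dst in net]
    if not hits:
        return None                            # no route to the destination network
    egress, next_hop = routes[max(hits, key=lambda n: n.prefixlen)]
    # new L2 header: source = egress interface MAC, destination = next hop or final host
    return egress, neighbors[next_hop or str(dst)] + ifaces[egress] + b"\x08\x00" + bytes(pkt)

def demo():  # constructed topology: host A -> switch -> router -> host B in another subnet
    ifaces = {"g0/0": mac("02:00:00:00:01:01"), "g0/1": mac("02:00:00:00:02:01")}
    routes = {ipaddress.ip_network("10.0.2.0/24"): ("g0/1", None)}
    neighbors = {"10.0.2.20": mac("02:00:00:00:00:0b")}
    sent = build_frame(ifaces["g0/0"], mac("02:00:00:00:00:0a"), "10.0.1.10", "10.0.2.20")
    port, switched = l2_switch(sent, 1, {ifaces["g0/0"]: 24})
    egress, routed = router(switched, ifaces, routes, neighbors)
    return sent, port, switched, egress, routed
```

Calling `parse()` on the `sent` and `routed` frames returned by `demo()` shows both MAC addresses replaced after the router while the source and destination IP addresses are identical.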

