Cisco Support Community
New Member

SG300 inter-VLAN routing and MAC address changes in incoming packets

Hello

I have SG300-20 working in Layer3 mode

VLAN1 is not used

Internet gateway is in VLAN211

Clients are in other VLANs

Switch is default gateway for clients and itself has internet gateway as default route.

MAC address of switch is XX:XX:XX:XX:XX:63

When client sends traffic to Internet, destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63

But in incoming packets source MAC address is XX:XX:XX:XX:XX:69

Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

15 REPLIES

SG300 inter-VLAN routing and MAC address changes in incoming pac

Hi Alexandr,

I wonder if arp proxy is enabled on your switch ?

regards Dave

New Member

SG300 inter-VLAN routing and MAC address changes in incoming pac

Hello Dave

No, ARP Proxy is NOT enabled on my switch, I'd checked.

It was not enabled by default and I never enabled it.

New Member

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Here are ping packets captured by Wireshark when pinging the switch itself (192.168.1.210) and an outside address.

In the incoming Ethernet frame for the second ping, the MAC address of the switch is changed.

Bronze

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hello Alexandr,

I have a feeling the source MAC is changing since the traffic would be coming from a different interface. I would like to confirm this and will do a quick test on my end as soon as I get Wireshark installed. I will update you with results.

Bronze

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hello Alexandr,

I am not able to read the xml files in the zip file. Is there any way you can save the Wireshark capture as a .pcap?

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

New Member

Re: SG300 inter-VLAN routing and MAC address changes in incoming

See attached file

Bronze

Re: SG300 inter-VLAN routing and MAC address changes in incoming

I have completed the test and found that it does change as expected. When using the switch for layer3 routing, with or without it as your default gateway, this will happen.

I tested from two different VLANs in two different ways and each time I pinged through the switch to another subnet the source MAC on the return packet was different on the last two. This is caused because the return traffic is going through a different interface on the switch.

At this time there is not an option to change this.

New Member

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hello, Robert.

Many thanks for your help.

But I'm a little confused, because I've got some programs that do not quite work by the standard either. They send the initial packet to the router MAC address from the ARP table and the following packets to the router MAC address extracted from the incoming packet. And because the MAC address in the incoming packet is different from the real switch MAC, the following packets are lost.

Will there be any fixes for the switch firmware to use only the real MAC or to accept packets with the "virtual" switch MAC?

Bronze

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Alexandr,

This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?

New Member

SG300 inter-VLAN routing and MAC address changes in incoming pac

Robert Cater wrote:

Alexandr,

This is normal for the switch when working in layer 3 mode. I do not see that it will be changed. Is there any way to modify your application to work on layer 3 as well?

Is this normal for all switches working in layer 3 or only for the Small Business 300 series? Maybe replacing it with other models will help?

No, I think the application vendor uses MAC address inspection for ARP spoofing attack avoidance.

Bronze

SG300 inter-VLAN routing and MAC address changes in incoming pac

This is how it works for all the current small business model switches that do layer 3. I can not speak for our enterprise level switches though as I do not have one available for testing.

New Member

SG300 inter-VLAN routing and MAC address changes in incoming pac

Robert

Many thanks for your help.

New Member

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hi Robert,

I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.

When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.

Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.

Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.

Thanks,
Chris

Green

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hi Christian, I am assuming this is not being seen between 2 interfaces of the same VLAN?

May be related to bug CSCub82382.

If you need support for this, please call the small business support center.

-Tom
Please mark answered for helpful posts

New Member

Re: SG300 inter-VLAN routing and MAC address changes in incoming

Hi Tom,

I can't open the bug you mentioned. It tells me I have "Insufficient Permissions to View Bug".

Yes, this issue is not seen when we use the SG300 as a simple layer-2 switch. But we want to use the layer-3 routing features between two (or more) VLANs.

Chris
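
Added example, not part of any post in this thread and not Cisco code: a MAC-inspection check of the kind mentioned above can separate the per-interface source MACs described here from an unrelated address by comparing routed frames against the ARP-learned gateway MAC. The MAC addresses, IP addresses and the `PORT_WINDOW` offset limit are constructed assumptions.

```python
import ipaddress
import struct

PORT_WINDOW = 0x20  # assumption: per-port MACs sit within 32 of the base MAC

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def parse_frame(frame):
    """Return (src_mac, src_ip) for an untagged IPv4 Ethernet frame, else None."""
    if len(frame) < 34:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        return None
    return frame[6:12], ipaddress.ip_address(frame[26:30])

def classify(frame, gateway_mac, local_net):
    """Compare a routed frame's source MAC with the ARP-learned gateway MAC."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "not-ipv4"
    src_mac, src_ip = parsed
    if src_ip in local_net:
        return "on-link"            # not routed, sender's own MAC is expected
    if src_mac == gateway_mac:
        return "gateway-base-mac"
    offset = int.from_bytes(src_mac, "big") - int.from_bytes(gateway_mac, "big")
    if 0 < offset <= PORT_WINDOW:
        return "gateway-port-mac"   # same device, per-interface address
    return "unknown-mac"            # unrelated address, worth investigating

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample: Ethernet header plus a minimal 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip

# Constructed values: client in 192.168.1.0/24, gateway base MAC ending in 63.
CLIENT = "02:00:00:00:10:01"
GATEWAY = mac_bytes("02:00:00:00:00:63")
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
SAMPLES = [
    build_frame(CLIENT, "02:00:00:00:00:63", "192.168.1.210", "192.168.1.50"),
    build_frame(CLIENT, "02:00:00:00:00:69", "203.0.113.10", "192.168.1.50"),
    build_frame(CLIENT, "02:aa:bb:cc:dd:ee", "203.0.113.10", "192.168.1.50"),
]

def demo():
    return [classify(f, GATEWAY, LOCAL_NET) for f in SAMPLES]
```

A check that treats `gateway-port-mac` as the same device should still send replies to the ARP-learned base address, since the thread reports that the switch does not forward frames addressed to the per-port MAC.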
