CCIE Pursuit Blog

April 21, 2008

Beware The Man Of One Platform

Filed under: Cisco,IOS,Switching,Work — cciepursuit @ 3:26 pm
Tags: , , , ,

I vow to never be one of those guys that expects my word to be law once I am a CCIE.  This is not because I am humble (I’m not) or because the ‘Argument From Authority’ is a logical fallacy; it’s because I am wrong more often than I care to be and I will continue to be wrong more often than I care to be regardless of any digits or abbreviations after my name.  🙂

Case in point: I was troubleshooting an issue last week and was surprised to find that the VLAN interfaces (SVIs) on a 6500 series switch (an old piece of shit 6500 switch running DECNet….but I digress) each shared a single (virtual) MAC address.  I pointed this out to one of my co-workers and he said that this was normal.  I disagreed.  I jumped on a 3750 and showed him that each SVI had a unique MAC address.  I even labbed it up quickly on my 3560 to prove my point.

We noted that this might be an interesting anomaly, but it most likely was not our issue as we were troubleshooting a duplicate IP/HSRP/DECNet/STP loop issue.

Well it turns out that we were both right (and both wrong).  Depending on the platform (and IOS version?) Cisco switches may use the System MAC Address for each SVI or they may use a unique MAC Address (derived from the System MAC Address).  CCIE candidates can see this in their labs by noting the differences between the 3560s and 3550s:

3560 uses a unique MAC for each SVI:
sw1#sh ver | i IOS|emo
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
cisco WS-C3560-48PS (PowerPC405) processor (revision G0) with 118784K/12280K bytes of memory.
512K bytes of flash-simulated non-volatile configuration memory.

sw1(config-if)#do sh int | i Vlan|bia
Vlan1 is up, line protocol is up
  Hardware is EtherSVI, address is 0012.018f.d5c0(bia 0012.018f.d5c0)
Vlan2 is up, line protocol is up
  Hardware is EtherSVI, address is 0012.018f.d5c5(bia 0012.018f.d5c5)
Vlan3 is up, line protocol is up
  Hardware is EtherSVI, address is 0012.018f.d5c6(bia 0012.018f.d5c6)
Vlan4 is up, line protocol is up
  Hardware is EtherSVI, address is 0012.018f.d5c7(bia 0012.018f.d5c7)

3550 uses the same MAC for each SVI:
sw3#sh ver | i IOS|emo
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Cisco WS-C3550-24(PowerPC) processor (revision D0) with 65526K/8192K bytes of memory.

Vlan1 is administratively down, line protocol is down
  Hardware is EtherSVI, address is 000a.410e.0600(bia 000a.410e.0600)
Vlan2 is up, line protocol is up
  Hardware is EtherSVI, address is 000a.410e.0600(bia 000a.410e.0600)
Vlan3 is up, line protocol is up
  Hardware is EtherSVI, address is 000a.410e.0600(bia 000a.410e.0600)
Vlan4 is up, line protocol is down
  Hardware is EtherSVI, address is 000a.410e.0600(bia 000a.410e.0600)

Scott Morris has an article on this issue.

Now you’ll notice that all of the VLAN interfaces have the same MAC address. This is the System MAC address. The reason this is OK has to do with where MAC addresses are used.

A MAC address must be unique within a Layer2 network, a broadcast domain or subnet. Each VLAN is a separate L2 network, broadcast domain and subnet. So there should be no possibility for overlap here and nothing to worry about.

If your configuration is creating some strange bridging or other cross-VLAN behavior, there may be the possibility of odd behavior, but that isn’t the normal issue at all!

So, in the grand scheme of things, you shouldn’t see any duplicate MAC addresses in any place that makes a difference.

Advertisements

7 Comments »

  1. Checked with mine 6500/sup2, same thing here – every VLAN has identical MAC.

    Comment by Michal M. — April 26, 2008 @ 4:35 am | Reply

  2. I’m just writing to your reply. Does this mean that a router can use a single MAC address for all interfaces. Because all interfaces are separate L2 network.

    Comment by Masood Ahmad Shah — April 26, 2008 @ 5:37 am | Reply

  3. There’s a similar phenomenon with the use of ‘standby-use-bia’ on HSRP interfaces across multiple VLANs on the same interface. Essentially different VLANs start sharing the same MAC. Then we had a misconfigured load balancer rule bridging two VLANs and confusing the switch in the middle that was seeing the same MAC.

    Comment by Sid — April 26, 2008 @ 2:49 pm | Reply

  4. DC-6509#sh ver | i IOS|emo
    IOS ™ s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF13, RELEASE SOFTWARE (fc1)
    cisco WS-C6509-E (R7000) processor (revision 1.4) with 458720K/65536K bytes of memory.
    1917K bytes of non-volatile configuration memory.
    8192K bytes of packet buffer memory.

    DC-6509#sh int | i Vlan|bia
    Vlan1 is administratively down, line protocol is down
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan2 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan99 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan200 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan1090 is administratively down, line protocol is down
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan1091 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan1092 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan1093 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)
    Vlan1099 is up, line protocol is up
    Hardware is EtherSVI, address is 001f.9d81.8000 (bia 001f.9d81.8000)

    Comment by FoosYou — April 28, 2008 @ 7:32 am | Reply

  5. 4510 w/ SupV-10GE, same thing…
    Can these be manually set?

    4510#sh ver | i IOS|emo|Supervisor
    Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASE-M), Version
    12.2(40)SG, RELEASE SOFTWARE (fc2)
    cisco WS-C4510R (MPC8540) processor (revision 11) with 524288K bytes of memory.
    MPC8540 CPU at 800Mhz, Supervisor V-10GE
    511K bytes of non-volatile configuration memory.

    4510#sh int | i Vlan|bia
    Vlan1 is up, line protocol is up
    Hardware is Ethernet SVI, address is 001e.13ca.7b3f (bia 001e.13ca.7b3f)
    Vlan2 is up, line protocol is up
    Hardware is Ethernet SVI, address is 001e.13ca.7b3f (bia 001e.13ca.7b3f)
    Vlan3 is up, line protocol is up
    Hardware is Ethernet SVI, address is 001e.13ca.7b3f (bia 001e.13ca.7b3f)
    Vlan4 is up, line protocol is up
    Hardware is Ethernet SVI, address is 001e.13ca.7b3f (bia 001e.13ca.7b3f)
    Vlan5 is up, line protocol is up
    Hardware is Ethernet SVI, address is 001e.13ca.7b3f (bia 001e.13ca.7b3f)

    Comment by Justin Campbell — April 28, 2008 @ 8:32 am | Reply

  6. Just some more information for those interested in this topic…

    The 3560/3750 will use unique MAC addresses for SVI, but only up to a point, then it will allocate the same MAC address (because it runs out of MAC addresses eventually). Another issue is that you cannot set the MAC address on an interface manually on these models, but you can on, say, the 6500.

    Here is a wiki page I wrote with details of MAC address usage for the 3560/3750, and a link to the Cisco.com document showing which platforms allow you to set the MAC address manually on interfaces:

    http://supportwiki.cisco.com/ViewWiki/index.php/MAC_Addresses_used_by_the_Cisco_3750

    I hope that helps!

    Comment by Oliver Gorwits — May 4, 2008 @ 2:47 am | Reply

  7. I found about this myself about a few months ago. The way switch deals with is by associating every mac in its CAM table with a VLAN. This allows a L3 switch to learn the same MAC address from either the L3 engine for different L3 vlan interfaces or a swithport as long as they belong to different VLANs. This is also one of the reason why we specify a valn id when configuring a static MAC entry.

    I belive this is going to be an issue when you are connecting two VRFs on a 6500 using a transparesnt firewall.

    Here is the link

    http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c9b4e.shtml

    -Rakesh

    Comment by Rakesh — May 5, 2008 @ 1:52 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: