10 Replies Latest reply: Oct 5, 2011 8:22 AM by Difan Zhao RSS

    why layer 2 switches need mac address for it's port?

    asif

      In layer 2 switches, there will be one mac adress for the switch and one mac address for it's every port. why layer 2 switches need mac for it's port?

        • 1. Re: why layer 2 switches need mac address for it's port?
          Amjad Abdelhalim

          there are many reasons, one of these reasons is to use it for spanning-tres calculations.

          • 2. Re: why layer 2 switches need mac address for it's port?
            asif

            stp using switch mac for bridge id. for what purpose stp using switch port mac address?

            • 3. Re: why layer 2 switches need mac address for it's port?
              Amjad Abdelhalim

              assume you have two paths from switch A to switch B, and switch B is the root, stp uses the mac address for the ports to assign one of the two ports as a root port.

              • 4. Re: why layer 2 switches need mac address for it's port?
                samarjitdutta

                MAC Address on a VLAN (SVI) or L3 Interface on Catalyst Switches

                /image/gif/paws/41263/catmac_41263a.gif

                 

                By default, Catalyst switches come with the same MAC address configured      on all interfaces. The diagram in this section shows a Catalyst 6500 with      Supervisor Engine 2 and MSFC2. However, the MAC address on all three VLAN      interfaces is the same, even though the IP addresses are different.

                 

                Catalyst switches have varied support for the ability to change the MAC      address for a VLAN (SVI) or L3 interface. You do not need to change the      burned-in MAC address if the network devices support multiple IPs to a single      MAC Address Resolution Protocol (ARP) table, which is common. Also, you do not      need to change the MAC address if the switches support a per-VLAN MAC address      table. Cisco switches support a per-VLAN MAC address table or      content-addressable memory (CAM) table. This support allows the switches to      maintain a MAC address table per VLAN. Therefore, the switches can have the      same MAC address on multiple VLAN interfaces without issue.

                 

                Note: A Hot Standby Router Protocol (HSRP) group uses the same virtual MAC          address if the HSRP group ID is reused on multiple interfaces. So you must          understand and use different HSRP groups when possible. In order to understand          the HSRP group limitation on the Catalyst 6500/6000, refer to this document:

                 

                 

                The Catalyst 3550 switches, Catalyst 4500/4000 switches with Supervisor      Engine III/IV, and Catalyst 6500 switches with Supervisor Engine 720 support up      to 256 unique HSRP group IDs in the 0 to 255 range.

                 

                MAC Addresses on Layer 2 Interfaces

                 

                MAC addresses of Layer 2 Interfaces (Switchports) are unique and are      assigned to that particular line module. In Cisco 6500/6000, 4500/4000, 3750,      3560, 3550, and 2970 series switches, you are not able to change the MAC      address on a switchport. In Cisco 2940, and 2950/2955 series switches you can      change the MAC address of switch ports using the command      mac-address, under the interface configuration      mode.

                 

                MAC Addresses for Spanning Tree Computation

                 

                MAC addresses used for Spanning Tree calculations are stored in an      EEPROM present in the Supervisor module. Regardless of the types of line      modules installed, the Layer 2 MAC addresses for VLANs do not change unless you      replace the Supervisor module. If you do replace the Supervisor module, the      Layer 2 MAC addresses of all VLANs change to those specified in the address      allocator on the new Supervisor module. In the fixed configuration Catalyst      switches, MAC addresses for VLANs cannot be changed.

                 

                Catalyst Switch with Support for CLI Configuration of a Unique MAC Address per Interface

                 

                This section discusses switches that support a change in MAC addresses      per interface.

                 

                Catalyst 6500/6000 Supervisor Engine 720 and Supervisor Engine I with MSFC1, MSFC2, or MSFC3 That Runs CatOS System Software

                 

                This output is from the MSFC1 in which the default MAC address is the      same for all interfaces:

                 

                cs-6506-24a#show interfaces | include line | address
                Vlan1 is down, line protocol is down
                  Hardware is Cat6k RP Virtual Ethernet, address is 00d0.bcf1.ee5c (bia 00d0.bcf1.ee5c)
                  Internet address is 14.18.2.182/16
                Vlan2 is down, line protocol is down
                  Hardware is Cat6k RP Virtual Ethernet, address is 00d0.bcf1.ee5c (bia 00d0.bcf1.ee5c)
                cs-6506-24a#

                 

                Use the mac-address      mac_address interface configuration      command in order to change the MAC address. Here is an example:

                 

                cs-6506-24a#configure terminal
                Enter configuration commands, one per line.  End with CNTL/Z.
                cs-6506-24a(config)#interface vlan 1
                cs-6506-24a(config-if)#mac-address 0007.0001.0001
                cs-6506-24a(config-if)#exit
                cs-6506-24a(config)#interface vlan 2
                cs-6506-24a(config-if)#mac-address 0007.0001.0002
                cs-6506-24a(config-if)#end
                cs-6506-24a#

                 

                Verify the change in the MAC address in this way:

                 

                cs-6506-24a#show interfaces | include line | address
                Vlan1 is down, line protocol is down
                  Hardware is Cat6k RP Virtual Ethernet, address is 0007.0001.0001 (bia 00d0.bcf1.ee5c)
                  Internet address is 14.18.2.182/16
                Vlan2 is down, line protocol is down
                  Hardware is Cat6k RP Virtual Ethernet, address is 0007.0001.0002 (bia 00d0.bcf1.ee5c)
                cs-6506-24a#
                • 5. Re: why layer 2 switches need mac address for it's port?
                  Amjad Abdelhalim

                  I think i made a mistake, stp uses port number as a tie breaker,  not the mac address

                  • 6. Re: why layer 2 switches need mac address for it's port?
                    asif

                    yes, for rootport election, first looking for lowest cost to the rootbridge. if it same, looking for lowest port id ..    But what is the use of a mac address for a switch port?

                    • 7. Re: why layer 2 switches need mac address for it's port?
                      samarjitdutta

                      normal layer 2 managagle switchport do not use and port mac address ,

                      it uses a base mac address for the purpose of STP, or Management purpose,

                      suppose u give interface vlan an ip address, then only this virtual interface will have an ip address, which is same as it's base mac-address

                      if you configure multiple vlan interface on a switch but all these port will have same mac-address

                      If you want you can change the mac-address of these virtual lan interface as i have indicated in my last post

                       

                      stp root port election

                      lowest path cost

                      if cost is same....

                      is the multiple ways to the root switch via same switch or different switch

                      if they are through different switch then choose the switch with lower bridge id (priority + base mac)

                      if both the path are via same switch then bridge id for  both path are same ...

                      choose the port with lowest port id.

                       

                      here base mac address is playing an importent route to decide the root bridge and also to find out the best root port

                      • 8. Re: why layer 2 switches need mac address for it's port?
                        jbg

                        per port macs help identify misconfigurations for 802.3ad/lacp and when both sides of a connection aren't using the same stp topology (802.1d vs pvst/802.1s etc).

                         

                        without the two+ ports using distinct MACs you have no mechanism to distinguish these conditions.

                        • 9. Re: why layer 2 switches need mac address for it's port?
                          Rizwan Ayub

                          Is this Asif ali mian??? If yes this is Rizwan

                          The answer is not varified but is according to my own understanding so it can be wrong. The switch has MAC Identifier's stored in the back plane and it is used in BID. Where as the switch port MAC Identifier is used as the source MAC Identifier for the Frame that contains the BPDU This is one and there are many reasons

                          • 10. Re: why layer 2 switches need mac address for it's port?
                            Difan Zhao

                            I know that when you do 802.1x, the EAP packets are from the port MAC address. I think CDP message and keepalive messages use unique MAC addresses on the port too. I also think Cisco just have TOO many MAC addresses of their own so they can afford wasting some.