2 Replies Latest reply: Dec 12, 2008 4:48 AM by Paul Stewart - CCIE Security

    source mac address



      Hello, can someone explain why, when a router sends a packet to a host that is connected to a switch, the source MAC address seen by the host PC is that of the router and not of the switch? Shouldn't the MAC address change at every hop? So why is it not changed when it passes through a switch?






      Thank you



        • 1. Re: source mac address


          Hi Andrea



          The function of a switch is to join cables together. Hop is a routing concept.



          Regards Conwyn



          • 2. Re: source mac address
            Paul Stewart  -  CCIE Security

            Switches utilize the layer two information but do not modify the MAC address. This is similar to how routers utilize layer 3 (IP addresses) but do not modify it. The only exception would be if you were layer two bridging where the layer two addressing was not compatible (i.e. Token Ring is not exactly compatible with Ethernet).






            So a more accurate way to look at this, in general, is that a layer 3 device inspects the packet at layer 3 so it knows what to do with it. However, the layer three information will remain constant. Obviously layers one and two will have to be rebuilt based on the exit interface and the next hop. In a routed case, you have a datagram (layer 3 terminology) going from host A to host B. That datagram will remain constant even though it passes through multiple routers. However, in this case, each router will rebuild the frame (layer 2) that carries the datagram.




            In a switching situation, you have a datagram going from one host to another. This same datagram is encapsulated into a frame. The frame should only change as it traverses an incompatible layer 2 device (maybe a source route translational bridge for Token Ring) or a layer three device. The question as to why this doesn't change as it passes through a switch is similar to asking why an IP address doesn't change as it passes through a router. IP addresses are for end to end delivery (within the context of layer 3), and MAC addresses are for end to end delivery (within the context of layer 2). There may be multiple layer two domains, and while each will likely have different MAC addressing, that addressing will remain constant while the frame is in that layer two domain.



            Another thing to consider: concerning the CAM table in a switch, think about the trunk ports. If, as a frame passed through a switch, the source MAC was changed to that of the switch, it would cause incomplete CAM tables in the adjacent switch. Basically, each switch would only know about directly connected hosts, and the CAM entries for the trunk port would only report the MAC address of the adjacent switch. In that case, frames that are non-local to the switch would be flooded and our switches would act a lot like hubs.
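
The CAM-table argument in the last reply can be checked with a small simulation. This is an added example, not part of the thread: the two-switch topology, port numbers and MAC values are constructed, and `rewrite_source` models the hypothetical switch that overwrites the source MAC.

```python
# Constructed topology: hosts A,B on SW1 (ports 1,2); C,D on SW2 (ports 1,2);
# port 3 on each switch is the trunk. All MAC values are made up.
A, B, C, D = "aa:aa", "bb:bb", "cc:cc", "dd:dd"
TRUNK = 3

class Switch:
    def __init__(self, mac, rewrite_source):
        self.mac = mac
        self.rewrite_source = rewrite_source  # hypothetical; real switches never do this
        self.cam = {}      # source MAC -> port it was learned on
        self.links = {}    # port -> host MAC (str) or (peer Switch, peer port)
        self.floods = 0

    def receive(self, in_port, src, dst, delivered):
        self.cam[src] = in_port                 # learn from the source address
        if self.rewrite_source:
            src = self.mac                      # the behaviour the question expected
        if dst in self.cam:
            out_ports = [self.cam[dst]]
        else:                                   # unknown unicast: flood
            self.floods += 1
            out_ports = list(self.links)
        for port in out_ports:
            if port == in_port:
                continue                        # never send back out the ingress port
            peer = self.links[port]
            if isinstance(peer, tuple):
                peer[0].receive(peer[1], src, dst, delivered)
            elif peer == dst:                   # host NIC accepts only its own MAC
                delivered.append((dst, src))

def simulate(rewrite_source):
    sw1 = Switch("01:01", rewrite_source)
    sw2 = Switch("02:02", rewrite_source)
    sw1.links = {1: A, 2: B, TRUNK: (sw2, TRUNK)}
    sw2.links = {1: C, 2: D, TRUNK: (sw1, TRUNK)}
    where = {A: (sw1, 1), B: (sw1, 2), C: (sw2, 1), D: (sw2, 2)}
    delivered = []
    for src, dst in [(A, C), (C, A), (B, D), (D, B), (A, C), (C, A)]:
        sw, port = where[src]
        sw.receive(port, src, dst, delivered)
    return sw1, sw2, delivered

def trunk_macs(sw):
    return {mac for mac, port in sw.cam.items() if port == TRUNK}

if __name__ == "__main__":
    for mode in (False, True):
        sw1, sw2, delivered = simulate(mode)
        print(mode, sorted(trunk_macs(sw1)), sw1.floods + sw2.floods, delivered[0])
```

With normal forwarding, SW1 learns both remote hosts on its trunk port and flooding stops once each host has spoken; with source rewriting, the trunk port only ever shows the neighbouring switch's MAC and every cross-switch frame keeps being flooded.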