Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

speedcolo

1 Rookie

 • 

43 Posts

77207

June 20th, 2009 08:00

single MAC forwarding table, but same MAC on multiple VLANs

I have been told by Dell Support that the PowerConnects have a "single instance MAC forwarding table".  That is, each MAC address can only live on one VLAN at a time on a switch.  This is necessary to support General Mode ports:

  1. untagged frame enters switch
  2. switch checks which VLAN contains the destination MAC
  3. switch checks if ingress port has permission to transmit to destination VLAN

If the same destination MAC lived on two VLANs, the switch would not know where to send the frame.

At the same time, it is difficult for me to prevent the occurrance of the same MAC on different VLANs.  I help in a colocation facility, and many colocation customers use pairs of routers or firewalls, which have HSRP, VRRP or NSRP high-availability MAC addresses, like 00-00-0c-07-ac-01 (Cisco HSRP) or 00-00-5e-00-01-01 (VRRP) or 0010.dbff.80f0 (Juniper NSRP).  I have seen cases where there were different customers using the same MAC address, on different VLANs; this was visible in "show mac address-table" on a single PowerConnect 5324, and it seemed to be working fine.  This is with all ports as Access Mode or Trunk Mode... no General Mode ports in the network.

Is it safe to use the same MAC on different VLANs if there are no General Mode ports?  Or is it OK even if there are General Mode ports, provided that the overlapping MACs don't exist on VLANs which have been "added" to any general mode ports?

bh1633

909 Posts

June 20th, 2009 20:00

PowerConnect switches have IVL (independent vlan learning).   This means that the same mac can be in different vlans.   In other words, the vlan is part of the address lookup. 

speedcolo

1 Rookie

 • 

43 Posts

June 21st, 2009 08:00

Thanks, BH.  Is the IVL a feature of all of 27xx, 35xx, 53xx, 54xx, 62xx?

bh1633

909 Posts

June 21st, 2009 09:00

yes

speedcolo

1 Rookie

 • 

43 Posts

June 22nd, 2009 08:00

Thanks. 

If a General Mode port receives an untagged frame, and the destination MAC exists on two different vlans, then I think that the switch would not know where to send the frame:

  1. interface g1, mode General, pvid 100, add vlan 300,500 untagged
  2. interface range g(3-4) mode General, pvid 300, add vlan 100,300 untagged
  3. interface range g(5-6) mode General, pvid 500, add vlan 100,500 untagged
  4. MAC 00-00-0c-07-ac-01 is on both ports g3 (vlan 300) and g5 (vlan 500)
  5. device on General Mode port g1 sends an untagged frame to 00-00-0c-07-ac-01

The Dell would receive the frame from port g1, and see the destination MAC on two different VLANs; port g1 has permissions to send to both VLANs.

To avoid this situation, should I avoid using General Mode at all on any switch that also may see the same MAC in different Access/Trunk VLANs (e.g.: does enabling general mode on port 1 somehow affect IVL for other non-General-Mode ports); or is it sufficient to only ensure that the duplicate MACs are never used on General Mode ports?

bh1633

909 Posts

July 6th, 2009 15:00

PowerConnect switches are IVL switches (independent vlan learning).  This means that the vlan is used in the destination port lookup.  In your example, in means that the same MAC address can exist in multiple vlans.

Was this post helpful?

View All

Top