Same MAC address in multiple VLANs

Hello Team,
Can you please help me out with this:

interface Ethernet46
   description CUST-COPROSYS-DIRECT
   load-interval 5
   switchport trunk native vlan 50
   switchport trunk allowed vlan 50,705,1373
   switchport mode trunk
   ip access-group acl_l3_peering_vlan_in in
   ipv6 access-group acl_v6_l3_peering_vlan_in in
   no lldp transmit
   no lldp receive
   switchport port-security maximum 3
   switchport port-security violation protect
   spanning-tree bpduguard enable
!
show mac address-table int et46
Vlan    Mac Address       Type
---- ----------- ---- ----- ----- ---------
50      0018.194a.afd0    DYNAMIC
50      001b.0de6.ab80    DYNAMIC
705     001b.0de6.ab80    DYNAMIC
1373    001b.0de6.ab80    DYNAMIC

Here we can see that the address 001b.0de6.ab80 was learnt over multiple VLANs. Does that indicate the presence of duplicate NICs or something else?
Warm regards.

If the switch supports independent VLAN learning (IVL), the same MAC address can be learnt on different VLANs, while the MAC lookup is based on vlan-id + dst-mac. In the case of shared VLAN learning this is not supported. Normally most ASICs today support IVL tables.

Hello Rushabh

This is normal behaviour. Notice that the Ethernet46 interface is a TRUNK interface configured with three VLANs. That means that this trunk connects to THREE separate VLANs. This port however has only one MAC address. So it is expected that this one interface MAC address will be associated with all of the VLANs included in the trunk.

I hope this has been helpful!

Laz

Why is there one MAC address for multiple VLANs? If there are multiple clients in different VLANs, shouldn’t we see different MAC addresses, too?

Does this mean it is some kind of inter-switch communication by seeing only one MAC for different VLANs?

Hello Quirik

Indeed this post requires a deeper explanation. I went in to lab this up to get a deeper understanding of how these MAC addresses populate the MAC address table. You will see such duplication of MAC addresses whenever you have a trunk between two switches.

I created a topology where there were seven VLANs created on two switches (SW2, and SW3), and all of those VLANs are sent over a trunk connection between the two switches. The trunk connection goes across the Gi0/1 interface on both switches. Take a look at the MAC address table of SW3:

SW3#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    5254.000b.225e    DYNAMIC     Gi0/0
   1    5254.0010.949f    DYNAMIC     Gi0/1
   1    5254.0010.defe    DYNAMIC     Gi0/1
   1    5254.0011.337a    DYNAMIC     Gi0/1
   1    5254.0012.4282    DYNAMIC     Gi0/1
  10    5254.0011.337a    DYNAMIC     Gi0/1
  20    5254.0011.337a    DYNAMIC     Gi0/1
  30    5254.0011.337a    DYNAMIC     Gi0/1
  40    5254.0011.337a    DYNAMIC     Gi0/1
  50    5254.0011.337a    DYNAMIC     Gi0/1
  60    5254.0011.337a    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 11
SW3#

Notice that we have the same MAC address of 5254.0011.337a for every VLAN. What is this MAC address? Well, it’s the MAC address of the Gi0/1 interface of SW2. Note the following:

SW2#show inter gi 0/1
GigabitEthernet0/1 is up, line protocol is up (connected) 
  Hardware is iGbE, address is 5254.0011.337a (bia 5254.0011.337a)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set

So, although in general it is considered a hard and fast rule that you cannot have multiple entries of MAC addresses within a MAC address table of a switch, the only exception to this rule is when you consider the MAC address of the port on the switch connected to your trunk. These entries are typically installed due to various control plane communications that take place using several different protocols, including CDP, STP, VTP and DTP to name a few.

The MAC address table will be populated only when there is traffic. Even if you have hosts in various VLANs, if there is no traffic to and from these devices, no additional entries will appear.

I hope this has been helpful!

Laz
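
The following is an added example, not part of the original thread or any poster's code. It parses the four-column SW3 output shown above into a table keyed on (VLAN, MAC), the lookup key the IVL reply describes, and reports which MAC addresses were learnt in more than one VLAN and whether they all sit behind the same port. The function names and the "same-port" / "multiple-ports" labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Output copied from the SW3 lab table in the thread above.
SW3_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    5254.000b.225e    DYNAMIC     Gi0/0
   1    5254.0010.949f    DYNAMIC     Gi0/1
   1    5254.0010.defe    DYNAMIC     Gi0/1
   1    5254.0011.337a    DYNAMIC     Gi0/1
   1    5254.0012.4282    DYNAMIC     Gi0/1
  10    5254.0011.337a    DYNAMIC     Gi0/1
  20    5254.0011.337a    DYNAMIC     Gi0/1
  30    5254.0011.337a    DYNAMIC     Gi0/1
  40    5254.0011.337a    DYNAMIC     Gi0/1
  50    5254.0011.337a    DYNAMIC     Gi0/1
  60    5254.0011.337a    DYNAMIC     Gi0/1
"""

# vlan, dotted-hex MAC, entry type, port; header and separator lines do not match.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_ivl_table(text):
    """Return {(vlan, mac): port}; one MAC may appear under several VLAN keys."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, _type, port = m.groups()
            table[(int(vlan), mac.lower())] = port
    return table

def macs_in_multiple_vlans(table):
    """Return {mac: (sorted vlans, sorted ports)} for MACs learnt in more than one VLAN."""
    vlans, ports = defaultdict(set), defaultdict(set)
    for (vlan, mac), port in table.items():
        vlans[mac].add(vlan)
        ports[mac].add(port)
    return {mac: (sorted(v), sorted(ports[mac])) for mac, v in vlans.items() if len(v) > 1}

def classify(ports):
    """One port: the trunk case from the thread. Several ports: review by hand."""
    return "same-port" if len(ports) == 1 else "multiple-ports"

if __name__ == "__main__":
    for mac, (vlans, ports) in macs_in_multiple_vlans(parse_ivl_table(SW3_OUTPUT)).items():
        print(mac, vlans, ports, classify(ports))
```

On the lab output only 5254.0011.337a is reported, in VLANs 1 through 60 and always behind Gi0/1.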