Reputation: 319
I found that it is possible to do so by MAC spoofing. Apart from spoofing, is it possible? If so, in what instances is this possible?
Upvotes: -2
Views: 1343
Reputation: 101
I recently had to investigate some 'oddities' regarding the learning process of a switch. While I agree with @Zac67's answer, I disagree that:
"In no case does a properly working switch associate multiple ports with the same MAC."
Here's what I found and the topology I used:
        switch_3
           |
         trunk
      vlans 10 & 20
           |
        switch_2
           |
         trunk
      vlans 10 & 20
           |
        switch_1
        /      \
   access      access
   vlan 10     vlan 20
     /            \
Linux_1          Linux_2
The test is pretty simple: Send Ethernet frames from both Linux_1 and Linux_2 with the same source MAC address, towards switch_1. For this purpose you may use some traffic generator such as python-scapy. switch_1 forwards the traffic to switch_2, which forwards it further to switch_3.
Now, looking at their MAC address tables:
switch_1:
Switch#show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.0dab.2115    DYNAMIC     Et0/1
  20    0000.0dab.2115    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 2
As you can see, on switch_1, the same source MAC address is learned on two distinct ports.
switch_2:
Switch#show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.0dab.2115    DYNAMIC     Et0/0
  20    0000.0dab.2115    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 2
The output from switch_2 shows that it is also possible for the same source MAC address to be learned multiple times, on the same port.
Why this happens: I did some research and it turns out that the behaviour Zac67 described is true if:
In my situation, the switch is capable of Independent VLAN learning, which basically means that there is one separate forwarding database (MAC table) for each VLAN. Basically, VLAN 10 and VLAN 20 have separate MAC tables and the learning process in one VLAN occurs independently of the other VLAN.
Upvotes: 0
Reputation: 2910
A switch learns unicast MAC addresses into its source address table or CAM table by inspecting each frame's source address. A MAC address association already present on another switch port is moved to the current frame's ingress port.
In no case does a properly working switch associate multiple ports with the same MAC. Accordingly, a frame addressed to a specific MAC address is always forwarded out of the last switch port that has received a frame from that address. If the associated port changes rapidly it's somewhat random where a frame destined for that MAC address ends up.
Some managed switches track the learning behavior and report flapping/duplicate MACs when they change port association repeatedly in a short time period. There may also be some contingency scheme for where to forward frames to such an address.
Upvotes: 1
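The two answers above describe the same learning rule applied to different table keys. The following is an added example, not code from either answer or from any switch vendor: a toy model that replays the switch_1 test against a table keyed by (VLAN, MAC) and against a single shared table, and counts port moves the way a flap/duplicate-MAC report would. The class name, the `flap_threshold` value and the count-only threshold (no time window) are assumptions made for illustration.

```python
from collections import defaultdict

class LearningSwitch:
    """Toy source-MAC learning model (hypothetical, for illustration).
    ivl=True: one forwarding database per VLAN (independent VLAN learning).
    ivl=False: a single table shared by all VLANs."""

    def __init__(self, ivl=True, flap_threshold=3):
        self.ivl = ivl
        self.flap_threshold = flap_threshold  # assumed value, count only
        self.fdb = {}                         # table key -> port
        self.moves = defaultdict(int)         # table key -> port changes seen

    def _key(self, vlan, mac):
        return (vlan, mac.lower()) if self.ivl else mac.lower()

    def learn(self, port, vlan, src_mac):
        """Process one ingress frame; return 'new', 'refresh' or 'move'."""
        key = self._key(vlan, src_mac)
        old = self.fdb.get(key)
        self.fdb[key] = port                  # last ingress port always wins
        if old is None:
            return "new"
        if old == port:
            return "refresh"
        self.moves[key] += 1                  # same key seen on another port
        return "move"

    def ports_for(self, mac):
        """All ports currently associated with this MAC, across VLANs."""
        mac = mac.lower()
        return sorted({p for k, p in self.fdb.items()
                       if (k[1] if self.ivl else k) == mac})

    def flapping(self):
        """Keys whose port association changed flap_threshold times or more."""
        return [k for k, n in self.moves.items() if n >= self.flap_threshold]

# Constructed frames mirroring the switch_1 test: (ingress port, VLAN, source MAC)
FRAMES = [("Et0/1", 10, "0000.0dab.2115"), ("Et0/0", 20, "0000.0dab.2115")] * 3

def run(ivl):
    sw = LearningSwitch(ivl=ivl)
    events = [sw.learn(*frame) for frame in FRAMES]
    return sw, events

if __name__ == "__main__":
    for mode in (True, False):
        sw, events = run(mode)
        print("IVL" if mode else "shared", events, sw.fdb, sw.flapping())
```

With per-VLAN tables the MAC settles on two ports and never registers a move; with one shared table the same frames make the entry bounce between Et0/1 and Et0/0 and trip the flap counter.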