Duplicate MAC on same LAN

Can someone tell me exactly what happens if we have duplicate MAC addresses on the same LAN (no switch in between). Also assume that they have statically different IPs assigned. My guess is that both NICs should get the packet and if the s/w stack is correctly implemented, the incorrect destination should then drop it.

Also I am guessing that if we have DHCP on this LAN, would we have two hosts with same IP or some sort of IP ringing?

Thanks Affan

Affan

James Knott wrote: [snip]

[snip]

Huh? A switch would most certainly have an effect, at least if it's switching at layer 2. In this case the switch's forwarding table(s) are based on the MAC address of the hosts. With two hosts sharing a MAC address, the switch's forwarding table will be changed as the two hosts alternate speaking on the LAN. Only the host that last spoke will receive unicast traffic to the MAC address in question.

NM

News Me

I can't tell you *exactly* what happens, but it appears that it should work as long as you are not using other protocols that rely on the MAC address. ARP will work. Anything requiring RARP would fail.

Most likely, the first host to be issued an IP would work and the other wouldn't. Many IP stacks validate an IP issued to them by a DHCP server by pinging the address. If there's an answer, they don't use the address. Many DHCP servers can be configured to do the same thing before issuing an address to a client.

I'm curious, do you have some requirement for hosts to use the same MAC? Or did you just find yourself with two NICs with the same MAC? In the latter case, most modern NICs allow you to change the MAC.

NM

News Me

If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to shut down. Also, a switch will have no effect, as it's supposed to be transparent.

James Knott

Quite so. I wasn't thinking straight. Not enough coffee... Or is it too much?? ;-)

James Knott

:> Can someone tell me exactly what happens if we have duplicate MAC
:> addresses on the same LAN (no switch in between). Also assume that they
:> have statically different IPs assigned.

:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
:shut down. Also, a switch will have no effect, as it's supposed to be
:transparent.

No, a switch is a form of learning bridge, which means that it has to watch the source MAC addresses on the packets going through and record the MAC against that port. Then when a packet comes in destined for that MAC, the switch sends it only to the appropriate port. In the case where you have two devices on the same VLAN with the same MAC, the switch would send the packet to whichever of the ports that had last received a packet with that MAC -- each received packet re-learns the location, so you can end up with "port-flapping" [which can be a serious problem if you have multiple VLANs but your switch does not do per-VLAN MAC learning.]

Walter Roberson

:> Can someone tell me exactly what happens if we have duplicate MAC
:> addresses on the same LAN (no switch in between). Also assume that they
:> have statically different IPs assigned. My guess is that both NICs should
:> get the packet and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
:shut down.

That is if the NIC -detects- that something else is using its MAC. Which would require that the other device transmits packets.

There is a form of stateful failover that is sometimes implemented which is handled by having two devices both assuming the same MAC, so that the standby device receives a copy of all the packets destined to the master device, and follows along in its song-book. When the master device dies, the standby device assumes control without having to kill the connections. The same thing could, of course, also be done with the secondary device snooping for those packets and changing its MAC address when the master fails.

:> and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

If the s/w stack is correctly implemented, the "incorrect" destination will offer a way of capturing all packets, such as for tcpdump / ethereal. When such a mode is activated, the exact details of what happens for mismatched IPs with the correct MAC vary. For example, for some OSes, an ICMP unreachable will be generated for protocols -other- than TCP or UDP, but the TCP and UDP stacks filter at a different point and know enough not to act on the packets. These differences in operation are exploited by "anti-sniffer" software designed to locate equipment that is snooping on the net.

Walter Roberson

Could you explain a little bit more on this? My question is based more on curiosity about how detrimental the effect of having duplicate MACs on the same LAN would be. As far as I can see, if they are on the same LAN (again with switches we would have the port ringing => delays), the effect shouldn't be that significant, esp for say and TCP/UDP traffic.

Thanks everyone for satisfying the curiosity of a student.

Regards

Affan

Affan Syed

yes - assuming they connect to a shared segment (i.e. a co-ax link or a repeater), then they both get a copy.

in fact it doesn't matter whether they have the same or different IP addresses.... or at least the Ethernet doesn't care.

some forms of multi server load balancing used to exploit this - Microsoft server load balancing, for one, could be set with a common MAC across 2 or more servers so that each incoming request arrived at each server.

the servers then co-operated to decide which server should reply. this became much less common once switches became the standard building blocks for LANs.

stephen

i will let Walter answer your direct Q - but there is an invalid assumption here.

my previous answer was about what happens if there are duplicate MACs on a hub - which doesn't seem to be a problem in practice.

if you use switches and have duplicate active MAC addresses at 2 different points, then you may have major problems with a duplicate MAC causing side effects.

The problem is that noticing that the MAC "appears" at 2 different points and altering the switch tables and setup within the network is a processor driven activity.

So - high traffic levels on 2 or more ports from duplicate MACs are likely to generate lots of processor load - and severely overloading a switch processor tends to cause lots of problems.

in the worst case i have seen loss of management, then loss of control protocols such as spanning tree, or layer 3 control - and in turn that can cause instability across a campus.

stephen

In article , Affan Syed wrote:
:> When such a mode is activated, the exact details of what
:> happens for mismatched IPs with the correct MAC vary.

:> These differences in
:> operation are exploited by "anti-sniffer" software designed to
:> locate equipment that is snooping on the net.

:Could you explain a little bit more on this?

The particular software I was thinking of was L0pht's anti-sniffer released in 1999. packetstormsecurity appears to have similar software.

Walter Roberson

That is what normally happens, but I don't know about this case. A switch that doesn't know the destination should send it on all ports. If it is getting the same MAC from more than one port, it could decide that it doesn't know the port. Consider that it might be sending to one port when a frame comes in with the same MAC address on a different port.

-- glen

glen herrmannsfeldt

In article , glen herrmannsfeldt wrote:
:News Me wrote:
:> Huh? A switch would most certainly have an effect, at least if it's
:> switching at layer 2.

:That is what normally happens, but I don't know about this
:case. A switch that doesn't know the destination should send
:it on all ports.

All ports within the same VLAN, yes.

:If it is getting the same MAC from more than
:one port, it could decide that it doesn't know the port.

It -could-, but it is unlikely. Switches are built to take into account the possibility that a device will move before their tables time out, and update their tables almost immediately when that happens. If the MAC shows up on two different ports, then port-flapping is the usual result.

I believe I have heard of some switches with port-flapping protection. If I recall correctly, those switches usually effectively shut down transmissions to that MAC for a time -- dropping the relevant packets rather than flooding them. Switches I haven't encountered yet might handle things differently.

Walter Roberson
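
The learning-bridge behaviour discussed in this thread (the table re-learning the port on every frame, the resulting port-flapping, and the hold-down that some switches are said to apply) can be modelled as follows; this is an added example, not part of any post above. The class name, thresholds, MAC addresses and frame trace are constructed for illustration and do not describe any vendor's implementation.

```python
from collections import defaultdict, deque

FLOOD, DROP = "flood", "drop"
DUP = "02:00:00:00:00:aa"  # constructed MAC shared by two hosts (ports 1 and 2)
PC = "02:00:00:00:00:01"   # constructed MAC of a third host on port 3

class LearningBridge:
    """Toy single-VLAN learning bridge that tracks MAC moves between ports."""

    def __init__(self, flap_moves=3, flap_window=10.0, hold_down=30.0):
        self.table = {}                  # MAC -> port it was last seen on
        self.moves = defaultdict(deque)  # MAC -> times of recent port changes
        self.blocked_until = {}          # MAC -> end of hold-down period
        self.flap_moves = flap_moves
        self.flap_window = flap_window
        self.hold_down = hold_down
        self.alerts = []                 # (time, MAC, old port, new port)

    def receive(self, now, port, src, dst):
        """Learn src on the ingress port, then return the egress decision."""
        old = self.table.get(src)
        if old is not None and old != port:       # same MAC, different port
            recent = self.moves[src]
            recent.append(now)
            while now - recent[0] > self.flap_window:
                recent.popleft()
            flapping = len(recent) >= self.flap_moves
            if flapping and self.blocked_until.get(src, 0) <= now:
                self.blocked_until[src] = now + self.hold_down
                self.alerts.append((now, src, old, port))
        self.table[src] = port                    # every frame re-learns
        if self.blocked_until.get(dst, 0) > now:
            return DROP                           # hold-down: drop, not flood
        return self.table.get(dst, FLOOD)         # unknown unicast floods

def demo():
    bridge = LearningBridge()
    trace = [  # constructed frames: (time, ingress port, src MAC, dst MAC)
        (0.0, 1, DUP, PC),   # host A speaks; PC not learned yet
        (0.5, 3, PC, DUP),   # delivered to port 1
        (1.0, 2, DUP, PC),   # host B speaks: table now points at port 2
        (1.5, 3, PC, DUP),   # delivered to port 2, host A misses it
        (2.0, 1, DUP, PC),
        (2.5, 2, DUP, PC),   # third move in the window: alert, hold-down
        (3.0, 3, PC, DUP),   # dropped during hold-down
        (40.0, 3, PC, DUP),  # hold-down over, forwarded to last-learned port
    ]
    return [bridge.receive(*frame) for frame in trace], bridge.alerts
```

The `alerts` list is the part a monitoring setup would care about: a MAC that changes port several times within a short window is the signature of a duplicate address (or a loop) rather than a host that has been moved.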
