Mac address and VLAns

MAC addresses need not be globally unique: they only have to be unique within the broadcast domain. Broadcast domains can be physically seperated (different segments), or can use different protocols, or can be logically seperated (different VLANs.)

A MAC address is not a "member" of a VLAN. It is *frames* (not MAC addresses, ports, IP addresses, or anything else) that are associated with particular VLANs. The rules for associating frames with VLANs can be based on almost any characteristic of the frame, such as:

-the switch port on which the frame arrived (port-based VLAN)

-the MAC source address in the frame (MAC address-based VLAN)

-the IP subnet identifier within the frame (IP subnet-based VLAN)

-the TCP/UDP port number within the frame (application-based VLAN), etc.

While many people may *think* they are associating a port (or a MAC address) with a VLAN, they are really specifying a VLAN-association rule that is based on switch port (or MAC address); the distinction is subtle, but important, particularly when end stations are VLAN-aware, and perform the association themselves.

Consider a multi-homed VLAN-aware end station (e.g., a server) that associates frames with VLANs based on IP subnet identifiers. Since that station has multiple IP addresses (that's what multi-homed means), it will emit frames carrying different VLAN IDs, depending on the subnet to which the frame is directed. However, that station may have the same MAC address on all subnets (sidebar: I never said that the server had multiple physical interfaces, and even if it did, it is permissible to assign the same MAC address to multiple interfaces that are not on the same LAN). Thus, this is a device that, according to *your* model, has a MAC address that is a "member" of multiple VLANs. This dichotomy disappears when one realizes that it is the *frames* that are associated with the VLANs, and each frame is associated with one (and only one) VLAN.

If you don't like the multi-homed station example, the same phenomenon arises in the case of a single-homed station that associates VLAN IDs based on application streams; e.g., a video delivery server (think: Intranet multicast delivery of training videos) that assigns a VLAN to each video stream so that bandwidth can be conserved within an enterprise. Another example is a VoIP conference-call server, associating each conference call (multicast) to a VLAN.

There is a complete explanation of this in Chapter 11 of "The Switch Book."

-- Rich Seifert Networks and Communications Consulting 21885 Bear Creek Way (408) 395-5700 Los Gatos, CA 95033 (408) 228-0803 FAX

Send replies to: usenet at richseifert dot com

------------------------------------------------------------------

Sir ...

As u mentioned about a book .... The Switch Book... can u plz ... give a full detail of this book (publication, writer etc) so that it is easy for me to find it at book stores....

Vikrant.

For example, see here:

Finding this cost me less than 10 seconds, even without using the knowledge who the author is (which anyone regularly reading this group knows). I don't know about you, but that is less than the time it took me to write this followup posting.

jpd wrote: (snip)

More specifically, exactly is in the post the name of the book is:

"the switch book"

which if put into almost any search engine comes up with the book in most of the hits.

-- glen

-------------------

hello sir...glad to meet with u .... i really really feeling glad... please.... make my way lighten.....by sharing u'r knowledgable thoughts.......please....

my email id is --- snipped-for-privacy@gmail.com

---------------------------------------------------------------------------=

--------------------------------------------------------------

Hello Mr. Rich Seifert

I want to discuss some of my queries with u as some are not totally asked by text so these also requires figures. but here its not possible to draw figure So can u give me u'r mail id so that i send the queries in files to U....

my mail id is -- snipped-for-privacy@gmail.com

regards

Vikrant

Did you consider reading the signature on my posting?

-- Rich Seifert Networks and Communications Consulting 21885 Bear Creek Way (408) 395-5700 Los Gatos, CA 95033 (408) 228-0803 FAX

Send replies to: usenet at richseifert dot com *****************************

--------------------------------- No no, not signatures....... but much more than that...............

Vikrant

--------------------------------------------------------------------

Hello

Can u plz tell me about the DA (Destination Mac Address) and SA (Source mac Address)

of a frame which contains multicast data (or multicast member ship requist or leave requist)

is at this case is DA =3D=3D SA or SA contain a unique mac address of either router or host.

Please tell me

Thanks in advance

Vikrant

You really should read the relevant standards (IEEE 802.3, IEEE

802.1D/Q) and then ask your questions, rather that looking to this group to provide a tutorial on every aspect of your design.

That said, a source MAC address is never a multicast; it is always a unique identifier of the station sending the frame, whether an end station or router.

-- Rich Seifert Networks and Communications Consulting 21885 Bear Creek Way (408) 395-5700 Los Gatos, CA 95033 (408) 228-0803 FAX

Send replies to: usenet at richseifert dot com

It's been several years since I last looked at the relevant documentation, and memory certainly fades with disuse. Are there exceptions to the above statement that have to do with virtual redundancy protocols? I have this idea poking out of corner of my mind that the active master for VRRP (or perhaps it was a related protocol) assumes as the source MAC the multicast address for the redundancy group ?

----------------------------------------------------------------------

Hi,

please go to that link below to see my query stored in a file which is accessable as my query need some graphics along with it

and please answer me

Thanks in advance

Vikrant

---------------------------------------------------------------------------=

I believe the answer is NO, in that case there is no such mechanism. (I looked at your diagram.)

Single instance STP does not know anything about VLANs and will not take VLANs into account in creating the spanning tree. If that happens to cut a link needed for a particular VLAN to make it through the switches between two points, then Tough Tootsies. Do not use single-instance STP with VLANs.

-----------------------------------------------------------------

please check the following link

here a file named as stp.txt

and tell me plz what u say about this situation is a switch controller support for inter vlan data transmission is necessary for that situation.

Thanks

Vikrant

Your question has been answered, at least twice and perhaps more times. I am sorry if you do not understand the answer. Perhaps you should read the relevant standards, or an appropriate text book, so that you can better understand the technology.

-- Rich Seifert Networks and Communications Consulting 21885 Bear Creek Way (408) 395-5700 Los Gatos, CA 95033 (408) 228-0803 FAX

Send replies to: usenet at richseifert dot com

FYI, what was going through my mind at the time was RFC 3768

Section 8.2

When a host sends an ARP request for one of the virtual router IP addresses, the Master virtual router MUST respond to the ARP request with the virtual MAC address for the virtual router. The Master virtual router MUST NOT respond with its physical MAC address. This allows the client to always use the same MAC address regardless of the current Master router.

Section 8.3

If Proxy ARP is to be used on a VRRP router, then the VRRP router must advertise the Virtual Router MAC address in the Proxy ARP message. Doing otherwise could cause hosts to learn the real MAC address of the VRRP router.

7.3. Virtual Router MAC Address

The virtual router MAC address associated with a virtual router is an IEEE 802 MAC Address in the following format:

00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)

This is *not* in the multicast MAC range.

Section 9.2 talks about use with Token Ring and indicates that MACs from

03-00-00-00-00-80 to 03-00-02-00-00-00 are used for this. The low order bit is set in this but because the next higher bit is set as well, this is Token Ring, not a broadcast or multicast address.

But then,

5.2.2. Destination Address

The IP multicast address as assigned by the IANA for VRRP is:

224.0.0.18

This is a link local scope multicast address. Routers MUST NOT forward a datagram with this destination address regardless of its TTL.

So... we are into some fine distinctions in this discussion. In the case I was thinking of, VRRP, source -MAC- addresses will not be multicast, but the -IP- addresses are in the multicast range. But the VRRP does twist the second half of Rich's sentence, that

as VRRP uses a constant identifier (per instance) regardless of which system is master at the moment: it is "unique" in the sense that *only* the VRRP master is allowed to sendout such frames, but it is -not- "unique" in the sense that the same MAC could be from any of the configured VRRP servers, dependent on which one is in control at the time.