mac in two fdb's

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
I have a combination of 460/440s in my network. We have a data(computer) vlan and a phone vlan.
Create vlan data tag 60
Create vlan phone tag 61
Conf vlan phone add port 4:21 tagged
Conf vlan data add port 4:21 untagged
configure lldp port 4:21 advertise system-capabilities
configure lldp port 4:21 advertise vendor-specific med capabilities
configure lldp port 4:21 advertise vendor-specific med power-via-mdi
configure lldp port 4:21 advertise vendor-specific dot1 vlan-name vlan Phone
configure lldp port 4:21 advertise vendor-specific med policy application voice vlan Phone dscp 46

When I plug in the phone it will get DHCP for a phone ip-address but the mac for that phone will show up in the fdb for both the data vlan and phone vlan.

Is this the expected result? I would assume that we don’t want all the data packets coming down to the phone.

Slot-1 # show fdb | include 4:21
c4:64:13:01:02:7d Data(0060) 0010 d m 4:21
c4:64:13:01:02:7d Phone(0061) 0043 d m 4:21

.1 # show iparp | include c4:64:13:01:02:7d
VR-Default 10.208.48.99 c4:64:13:01:02:7d 2 NO Phone 61 55
Photo of christopher madison

christopher madison

  • 360 Points 250 badge 2x thumb
  • usure

Posted 3 years ago

  • 0
  • 1
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,086 Points 10k badge 2x thumb
Hi Christopher,

This looks like it is normal behavior. I would expect the phone's MAC to show up in both VLANs, since it is acting as a switch to pass the PCs data.

-Brandon
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Christopher

I agree it is normal for it to be in both VLANs to start.  When it first comes up and request DHCP it will do it over the untagged data VLAN.  Once it moves over to the voice VLAN it should release and renew its DHCP and will use the tag information that it has for the Voice VLAN and get the Voice VLAN IP address.

I would expect that after 5 min, the timeout for the fdb, and it sould only be in the voice VLAN.


Let us know if not.

P
Photo of Johan Hendrikx

Johan Hendrikx

  • 3,040 Points 3k badge 2x thumb

Paul,

this is how it works in our network.

Photo of Nicolas Dreher

Nicolas Dreher

  • 120 Points 100 badge 2x thumb
I agree : it's completely normal to find the phone's MAC address in fdb for both VLAN as long as the phone's MAC is the only L2 interface directly connected to the switch port (the switch receives traffic for both VLANs coming from that MAC address).

But what you describe Paul, is the behavior of a phone without using LLDP MED. With LLDP MED active - that's the case for Christopher - the phone takes it's IP address directly in the "phone" VLAN subnet, what doesn't change the answer given hereabove.
Photo of christopher madison

christopher madison

  • 360 Points 250 badge 2x thumb
When the phone boots it goes into the data vlan first and gets a data IP address. then after LLDP talks. it adds the phone vlan into the fdb. It also pulls a voice IP address. Eventually the IPARP table times out the Data IP address. however the data mac fdb entry continues to renew and never clears.
Photo of Prashanth KG

Prashanth KG, Employee

  • 5,300 Points 5k badge 2x thumb
Hi Christopher, 
Thank you for the clarification. 

What happens if we manually clear the fdb on the port after the phone gets the IP address in the voice VLAN? Does it re-learn in data vlan after clearing?
If so, we need to check if there is a traffic coming into the switch port as an untagged packet with this source-mac-address. 

From the switch point of view, it will learn or refresh the mac-address in data VLAN whenever the untagged packet reaches the switch with the phone's mac address. 

Please let us know!