开关的许多端口是否有可能在其MAC地址表中具有相同的MAC地址?
我发现可以通过Mac欺骗来这样做。除了欺骗之外,是否有可能?如果是这样,那么在什么情况下可能?
I found that it is possible to do so by MAC spoofing. Apart from spoofing, is it possible? If so, in what instances is this possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
一个开关通过检查每个帧的源地址来学习单播MAC地址源地址表或 cam Table 。另一个开关端口上已经存在的MAC地址关联已移动到当前帧的入口端口。
在任何情况下,都可以使用相同的Mac进行正确工作的开关多个端口。因此,始终将寻址给特定MAC地址的帧转发到从该地址接收帧的最后一个开关端口中。如果关联的端口迅速变化,则在某种程度上是随机的,在该框架上注定该MAC地址最终。
一些托管开关跟踪学习行为,并在短时间内反复更改端口关联时报告拍打/重复的MAC。也可能有一些应急方案,可以将框架转向此地址。
A switch learns unicast MAC addresses into its source address table or CAM table by inspecting each frame's source address. A MAC address association already present on another switch port is moved to the current frame's ingress port.
In no case does a properly working switch associate multiple ports with the same MAC. Accordingly, a frame addressed to a specific MAC address is always forwarded out of the last switch port that has received a frame from that address. If the associated port changes rapidly it's somewhat random where a frame destined for that MAC address ends up.
Some managed switches track the learning behavior and report flapping/duplicate MACs when they change port association repeatedly in a short time period. There may also be some contingency scheme for where to forward frames to such an address.
我最近不得不调查有关开关学习过程的一些“奇怪之处”。虽然我同意@Zac67的回答,但我不同意
这是我发现的内容和我使用的拓扑:
测试非常简单:
使用相同的源 MAC 地址从 Linux_1 和 Linux_2 向 switch_1 发送以太网帧。为此,您可以使用一些流量生成器,例如 python-scapy。 switch_1 将流量转发到 switch_2,switch_2 将其进一步转发到 switch_3
现在,查看它们的 MAC 地址表:
switch_1:
如您所见,在 switch_1 上,在两个不同的端口上获悉相同的源 MAC 地址。
switch_2:
switch_2 的输出显示同一源 MAC 地址也可以在同一端口上被多次学习。
为什么会发生这种情况:
我做了一些研究,结果证明 Zac67 描述的行为是正确的,如果:
在我的情况下,交换机能够进行独立的 VLAN 学习,这基本上意味着每个 VLAN 都有一个单独的转发数据库(MAC 表)。基本上,VLAN 10 和 VLAN 20 具有单独的 MAC 表,并且一个 VLAN 的学习过程独立于另一个 VLAN 进行。
I recently had to investigate a some 'oddities' regarding the learning process of a switch. While I agree with @Zac67' answer, I disagree that
Here's what I found and the topology I used:
The test is pretty simple:
Send ethernet frames from both Linux_1 and Linux_2 with the same source MAC address, towards switch_1. For this purpose you may use some traffic generator sucy as python-scapy. switch_1 forwards the traffic to switch_2, which forwards it further to switch_3
Now, looking at their MAC address tables:
switch_1:
As you can see, on switch_1, the same source MAC address is learned on two distinct ports.
switch_2:
the output from switch_2 shows that it is also possible for the same source MAC address to be learned multiple times, on the same port.
Why this happens:
I did some research and it turns out that the behaviour Zac67 described is true if:
In my situation, the switch is capable of Independent VLAN learning, which basically means that there is one separate forwarding database (MAC table) for each VLAN. Basically, VLAN 10 and VLAN 20 have separate MAC tables and the learning process one VLAN occurs independently of the other VLAN.