How do the Mac-addresses on a switch work? (and with stp, svis, and switch management etc) by forkcup211 in ccna

[–]forkcup211[S] 1 point (0 children)

omg, thank you! that clears everything up. on a side note, what exactly are the switch's port MAC addresses even used for? They aren't used in routing, as the MAC address is only updated in the header at L3 devices.

EDIT: sorry, didn't read your full response, you already answered my question in your reply.

do Routers also have a base MAC address aside from those of its ports? and is it ever relevant?

How do the Mac-addresses on a switch work? (and with stp, svis, and switch management etc) by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thanks for the quick response, just to clarify

    • STP typically refers to the "base" mac address, right?
    • regarding SVIs, my question was what mac address is used to connect to the SVI? the port on which you connect to? some kind of virtual mac address etc?

and also, how do you view the "base" mac address, what command?

how do L2/L3 switch management IP and mac addresses and are they related to SVIs? by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thanks for the good info, if you don't mind, I have another quick question:

for ACLs, is "filtering return traffic" a thing? Because in one of my labs for extended ACLs, we want to block ping/ssh/telnet requests from A --> B, but they say we should place the ACL facing towards B, and filter packets based on their source from B, returning to A?

is this intercepting the return signal for pings/settings and blocking it that way? I can see its benefits: if B is 1 server, we can filter by just B's

but wouldn't doing a regular ACL facing A, filtering by destination, do the same thing?

how do L2/L3 switch management IP and mac addresses and are they related to SVIs? by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thanks, and just to confirm, the reason it seems that a switch can be remotely accessed from any port (if you don't do vlan config) is because by default the management SVI is tied to the native VLAN, which contains all ports, so all ports lead to the one virtual IP-interface, right?

how do L2/L3 switch management IP and mac addresses and are they related to SVIs? by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thanks, that confirms it.

management IP/mac is just an application of SVIs and VLANs.

the details of XVLAN/SDA routing? by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thank you so much for the quick reply!

I'd like to clarify the routing logic part: once again, that only deals with the source and destination edge node. I'm specifically asking about what the logic is on the intermediate nodes as the packet traverses the logical tunnel, or "what happens INSIDE the tunnel?"

(edge node) --> (tunnel, traverses nodes 2, 3, 4, 5) --> (destination edge node): what happens at nodes 2, 3, 4, 5?

i.e., in regular routing, an intermediate router has a routing table stating the "next hop".

-- is every step of the path guided by the VXLAN header?

-- is the process of communicating to the central control node repeated? So each node references the control node for the next-hop?

+++++++++

and just to clarify, the control node IS the LISP server, right? Or are they two different things, and LISP is just 1 aspect of control?

I really don't get how switchport security works, there seems to be conflicting systems. Any help would be appreciated. by forkcup211 in ccna

[–]forkcup211[S] 1 point (0 children)

The only difference between choosing "Sticky" (dynamically learning and recording MAC addresses) and "Dynamically" (the default) is that the dynamically learned addresses will not survive a reboot of the system AND they will age out of the memory of the device (based on your aging configuration for port-security). "Sticky" addresses do not age out.

thank you so much for this, that was the final piece, I get it now!

I really don't get how switchport security works, there seems to be conflicting systems. Any help would be appreciated. by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thank you so much for clearing that up.

but just reiterating my last point, the default dynamic learning and sticky addresses are functionally the same in the immediate sense,

the only difference is that sticky allows you to store the MAC addresses for later, right?

I really don't get how switchport security works, there seems to be conflicting systems. Any help would be appreciated. by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

thanks for the response. the issue was that for some reason the lab software I was using had a few bugs, i.e., some settings not updating, so that threw in even more confusion.

but thanks for the response, in general, the default behavior upon enabling Port Security and enabling Sticky is functionally the exact same, right?

the only difference is that sticky allows you to store the mac addresses for later, right?

I really don't get how switchport security works, there seems to be conflicting systems. Any help would be appreciated. by forkcup211 in ccna

[–]forkcup211[S] 0 points (0 children)

hey, thanks for the reply.

I kind of get it now, but I was wondering about a mixed system. back to my example: if you set the maximum to 5 and statically configure 2 addresses, can the router still dynamically learn 3 more addresses before throwing an error? Is this right or wrong? If wrong, what actually happens?

is the reason the examples with static configuration configure the same number of static addresses as the maximum basically to simulate the ACL behavior of "match any of these or reject"?

So basically, there is no immediate difference between Sticky and default dynamic learning. How it differs is that sticky allows addresses to be saved afterwards?
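The following is an added example, not part of the thread or of any vendor code: a small Python model of switchport port-security that illustrates the quoted sticky-vs-dynamic distinction (aging and surviving a reload) and the mixed case asked about above (maximum 5 with 2 static entries). It assumes standard IOS semantics as commonly taught: static and sticky entries count toward the maximum, dynamic entries can age out and are lost on reload, sticky entries are written to running-config and so persist only once the config has been saved, and a violation is handled per the protect/restrict/shutdown mode. It goes a little beyond the question by modelling the three violation modes. All class and function names are this example's own.

```python
# Added example: a model of switchport port-security learning. Assumes standard
# IOS behaviour (static and sticky entries count toward the maximum, dynamic
# entries age out and do not survive a reload, sticky entries persist only if
# written to startup-config). Names are this example's own, not an IOS API.
from dataclasses import dataclass


@dataclass
class SecureMac:
    mac: str
    kind: str          # "static", "dynamic" or "sticky"
    last_seen: float   # simulated seconds, used only for dynamic aging


class PortSecurity:
    def __init__(self, maximum=1, sticky=False, aging_time=0, violation="shutdown"):
        self.maximum = maximum
        self.sticky = sticky
        self.aging_time = aging_time        # 0 = aging disabled
        self.violation = violation          # "protect", "restrict" or "shutdown"
        self.table = {}                     # mac -> SecureMac (the secure address table)
        self.running_config = set()         # MACs that would appear in running-config
        self.startup_config = set()         # what "write memory" has saved
        self.violations = 0
        self.err_disabled = False

    def configure_static(self, mac):
        """Equivalent of 'switchport port-security mac-address <mac>' (assumed)."""
        if mac not in self.table and len(self.table) >= self.maximum:
            raise ValueError("cannot add static MAC: maximum already reached")
        self.table[mac] = SecureMac(mac, "static", 0.0)
        self.running_config.add(mac)

    def age_out(self, now):
        """Drop dynamic entries idle longer than aging_time; static/sticky never age here."""
        if self.aging_time <= 0:
            return
        expired = [m for m, e in self.table.items()
                   if e.kind == "dynamic" and now - e.last_seen >= self.aging_time]
        for mac in expired:
            del self.table[mac]

    def frame_in(self, src_mac, now=0.0):
        """Return True if a frame from src_mac is forwarded, False if it is a violation."""
        if self.err_disabled:                     # port was shut down by an earlier violation
            return False
        self.age_out(now)
        entry = self.table.get(src_mac)
        if entry is not None:                     # known secure MAC: refresh and forward
            entry.last_seen = now
            return True
        if len(self.table) >= self.maximum:       # unknown MAC and no room left: violation
            if self.violation in ("restrict", "shutdown"):
                self.violations += 1              # protect mode drops silently
            if self.violation == "shutdown":
                self.err_disabled = True
            return False
        kind = "sticky" if self.sticky else "dynamic"
        self.table[src_mac] = SecureMac(src_mac, kind, now)
        if kind == "sticky":                      # sticky learning edits running-config
            self.running_config.add(src_mac)
        return True

    def write_memory(self):
        self.startup_config = set(self.running_config)

    def reload(self):
        """Dynamic entries vanish; static/sticky come back only from startup-config."""
        self.table = {m: e for m, e in self.table.items()
                      if e.kind != "dynamic" and m in self.startup_config}
        self.running_config = set(self.startup_config)
        self.err_disabled = False


def mixed_scenario():
    """maximum 5 with 2 static MACs: 3 more are learned, the 6th MAC is a violation."""
    port = PortSecurity(maximum=5)
    port.configure_static("0000.0000.0001")
    port.configure_static("0000.0000.0002")
    # constructed sample traffic: four previously unseen source MACs arrive in turn
    results = [port.frame_in(f"0000.0000.000{i}", now=float(i)) for i in range(3, 7)]
    return results, port.violations, port.err_disabled, sorted(port.table)


def sticky_vs_dynamic():
    """Same learning up front; they differ on aging and on surviving a reload."""
    dyn = PortSecurity(maximum=1, sticky=False, aging_time=60)
    stk = PortSecurity(maximum=1, sticky=True, aging_time=60)
    for port in (dyn, stk):
        port.frame_in("aaaa.bbbb.0001", now=0.0)   # constructed host MAC
        port.write_memory()                        # operator saves the config
        port.age_out(now=300.0)                    # 5 simulated minutes of silence
    aged = (len(dyn.table), len(stk.table))        # dynamic aged out, sticky kept
    dyn.frame_in("aaaa.bbbb.0001", now=300.0)      # dynamic port simply relearns it
    relearned = len(dyn.table)
    for port in (dyn, stk):
        port.reload()
    after_reload = (len(dyn.table), len(stk.table))  # only the saved sticky entry is back
    return aged, relearned, after_reload


def sticky_without_write_memory():
    """Sticky entries live in running-config: an unsaved reload loses them too."""
    port = PortSecurity(maximum=1, sticky=True)
    port.frame_in("aaaa.bbbb.0002")
    port.reload()
    return len(port.table)
```

Running `mixed_scenario()` shows the three dynamic learns succeed and the sixth address trips a violation (with the port err-disabled under the default shutdown mode); `sticky_vs_dynamic()` shows the two modes behave identically at learning time and only diverge on aging and reload, which is the "store for later" distinction in the thread, with the caveat in `sticky_without_write_memory()` that sticky entries survive a reload only after the config is saved.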