Why is the MAC address of a BPDU replaced by a multicast MAC address in BPDU tunneling

The MAC address of a BPDU from a user-side device is replaced so that the BPDU can be transparently transmitted across the carrier network. Otherwise, the BPDU will be processed by the carrier network as a protocol packet and cannot reach the remote user-side device, and network flapping will occur.

According to the implementation of BPDU tunneling, the MAC address of a BPDU can be replaced by a multicast, broadcast, or unicast address. The reason why a case-shaped switch selects a multicast MAC address is as follows:

If the MAC address of a BPDU is replaced by a broadcast MAC address, the BPDU may be attacked when being transparently transmitted because a broadcast packet is vulnerable to attacks.
If the MAC address of a BPDU is replaced by a unicast MAC address, the switch may be unable to learn the source MAC address of the BPDU when forwarding it and still processes it as a broadcast packet.

Scroll to top