On a hot standby network, which packets are used by upstream and downstream Layer-2 devices to learn the port for the virtual MAC addresses

4

The active firewall periodically sends VRRP advertisement messages. The source MAC address of these packets is the virtual MAC address of the VRRP group. The upstream and downstream Layer-2 devices learn the port mapped to the virtual MAC address through the VRRP advertisement messages.

Other related questions:
On a hot standby network, can upstream and downstream devices be Layer-4 switches
Yes. In this situation, the firewall must use the virtual MAC address to encapsulate service packets. Otherwise, services are interrupted after active/standby switchover. By default, the firewall uses the physical MAC address to encapsulate service packets. On hot standby networks, Layer-4 switches establish a connection status table to record the source MAC address (that is, the MAC address of the service interface on the active firewall) in the packets forwarded by the firewall. Layer-4 switches forward packets based on the connection status table. During active/standby switchover, Layer-4 switches do not automatically refresh MAC addresses in the connection status table. Therefore, packets are sent to the original active firewall if the physical MAC address is used. As a result, services are interrupted. If the virtual MAC address is used, the connection status tables on Layer-4 switches record the virtual MAC address. After active/standby switchover, Layer-4 switches can forward service packets to the new active firewall. Corresponding to the virtual IP address, the virtual MAC address is automatically generated based on the VRID in either of the following formats: -IPv4: 00-00-5E-00-01-{VRID} -IPv6: 00-00-5E-00-02-{VRID} On a service interface of the firewall, you can run the following command to use the virtual MAC address to encapsulate service packets. system-view [sysname] interface GigabitEthernet 1/0/1 [sysname-GigabitEthernet1/0/1] vrrp virtual-mac enable

Can the virtual MAC address be used as the source MAC address of packets
Yes. By default, the firewall uses the physical MAC address to encapsulate Layer-3 service packets. To use the virtual MAC address, run the vrrp virtual-mac enable command in the interface view.

Is the WLAN rate the upstream or downstream rate
WLAN rate refers to the wireless rate of data transmissions between APs and STAs or between bridges and downstream nodes. Devices on both ends work in half-duplex mode, that is, they can only receive or send data at a time. The WLAN rate is the sum of upstream and downstream rates. Common users mainly use Internet access services to browse web pages, most of which is downstream traffic. In this case, the WLAN rate refers to the downstream rate.

How to check the MAC address of an interface on an S series switch
For S series switches (except the S1700), you can obtain the MAC address of an interface as follows:
<HUAWEI> display interface gigabitEthernet 0/0/5
GigabitEthernet0/0/5 current state : DOWN                                      
Line protocol current state : DOWN                                             
Description:                                                                   
Switch Port, PVID :    1, TPID : 8100(Hex), The Maximum Frame Length is 9216   
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0018-1111-2121
Current system time: 2015-04-02 16:03:17+08:00

The value of the Hardware address field in the command output is the MAC address of the interface, which is the switch's MAC address when the interface is a Layer 2 interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top