Why is the MAC address of a BPDU replaced by a multicast MAC address in BPDU tunneling

1

The MAC address of a BPDU from a user-side device is replaced so that the BPDU can be transparently transmitted across the carrier network. Otherwise, the BPDU will be processed by the carrier network as a protocol packet and cannot reach the remote user-side device, and network flapping will occur.

According to the implementation of BPDU tunneling, the MAC address of a BPDU can be replaced by a multicast, broadcast, or unicast address. The reason why a case-shaped switch selects a multicast MAC address is as follows:

If the MAC address of a BPDU is replaced by a broadcast MAC address, the BPDU may be attacked when being transparently transmitted because a broadcast packet is vulnerable to attacks.
If the MAC address of a BPDU is replaced by a unicast MAC address, the switch may be unable to learn the source MAC address of the BPDU when forwarding it and still processes it as a broadcast packet.

Other related questions:
Why is the MAC address of a BPDU replaced with a multicast MAC address in BPDU tunneling on S series switches
On S series (except the S1700) and E series switches, the MAC address of a BPDU from a user-side device is replaced so that the BPDU can be transparently transmitted across the ISP network. Otherwise, the BPDU will be processed by the ISP network as a protocol packet and cannot reach the remote user-side device, and network flapping will occur.

How to view and change MAC addresses of BPDUs
Run the display bpdu mac-address command to query the current BPDU MAC addresses. By default, all multicast MAC addresses in the segment from 0180-c200-0010 to 0180-c200-002f are BPDU MAC addresses, and 0100-0ccc-cccd is also a BPDU MAC address. Run the bpdu mac-address mac-address command to specify an MAC address to be a BPDU MAC address. Example: bpdu mac-address 0100-0ccc-cccc

How can I configure BPDU tunnel to transparently transmit BPDUs
To transparently transmit untagged BPDUs, run the port default vlan command on the inbound and outbound interfaces of the BPDUs. To transparently transmit tagged BPDUs, run the port default vlan command on the outbound interface of the BPDUs.

How to configure BPDU tunneling on S series switches to transparently transmit BPDUs
To configure S series (except the S1700) and E series switches to transparently transmit BPDUs, perform the following operations: 1. Configure interface-based Layer 2 protocol transparent transmission. (1) Run the l2protocol-tunnel group-mac command in the system view to replace the multicast destination MAC address of Layer 2 protocol packets with a specified multicast MAC address. (2) Run the port default vlan command on the inbound and outbound interfaces to transparently transmit untagged BPDUs. (3) Run the l2protocol-tunnel { all | protocol-type } enable command on the inbound and outbound interfaces to enable interface-based Layer 2 protocol transparent transmission. 2. Configure VLAN-based Layer 2 protocol transparent transmission. (1) Run the l2protocol-tunnel group-mac command in the system view to replace the multicast destination MAC address of Layer 2 protocol packets with a specified multicast MAC address. (2) Run the port link-type hybrid and port hybrid tagged vlan commands on the inbound and outbound interfaces to transparently transmit tagged BPDUs. (3) Run the l2protocol-tunnel { all | protocol-type } vlan command on the inbound and outbound interfaces to enable VLAN-based Layer 2 protocol transparent transmission.

Why are source MAC addresses not learned
The causes are as follows: -The device does not receive packets because the link is Down, the interface does not join the VLAN, the interface participates in spanning tree calculation and is blocked, and so on. -Loops cause MAC address flapping. -MAC address learning is disabled or corresponding Sticky MAC address entries already exist. -The number of learned MAC address entries has reached the maximum. -The static or blackhole route is configured.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top