Why is the MAC address of a BPDU replaced with a multicast MAC address in BPDU tunneling on S series switches

3

On S series (except the S1700) and E series switches, the MAC address of a BPDU from a user-side device is replaced so that the BPDU can be transparently transmitted across the ISP network. Otherwise, the BPDU will be processed by the ISP network as a protocol packet and cannot reach the remote user-side device, and network flapping will occur.

Other related questions:
Why is the MAC address of a BPDU replaced by a multicast MAC address in BPDU tunneling
The MAC address of a BPDU from a user-side device is replaced so that the BPDU can be transparently transmitted across the carrier network. Otherwise, the BPDU will be processed by the carrier network as a protocol packet and cannot reach the remote user-side device, and network flapping will occur. According to the implementation of BPDU tunneling, the MAC address of a BPDU can be replaced by a multicast, broadcast, or unicast address. The reason why a case-shaped switch selects a multicast MAC address is as follows: If the MAC address of a BPDU is replaced by a broadcast MAC address, the BPDU may be attacked when being transparently transmitted because a broadcast packet is vulnerable to attacks. If the MAC address of a BPDU is replaced by a unicast MAC address, the switch may be unable to learn the source MAC address of the BPDU when forwarding it and still processes it as a broadcast packet.

How to view and change MAC addresses of BPDUs
Run the display bpdu mac-address command to query the current BPDU MAC addresses. By default, all multicast MAC addresses in the segment from 0180-c200-0010 to 0180-c200-002f are BPDU MAC addresses, and 0100-0ccc-cccd is also a BPDU MAC address. Run the bpdu mac-address mac-address command to specify an MAC address to be a BPDU MAC address. Example: bpdu mac-address 0100-0ccc-cccc

How to configure BPDU tunneling on S series switches to transparently transmit BPDUs
To configure S series (except the S1700) and E series switches to transparently transmit BPDUs, perform the following operations: 1. Configure interface-based Layer 2 protocol transparent transmission. (1) Run the l2protocol-tunnel group-mac command in the system view to replace the multicast destination MAC address of Layer 2 protocol packets with a specified multicast MAC address. (2) Run the port default vlan command on the inbound and outbound interfaces to transparently transmit untagged BPDUs. (3) Run the l2protocol-tunnel { all | protocol-type } enable command on the inbound and outbound interfaces to enable interface-based Layer 2 protocol transparent transmission. 2. Configure VLAN-based Layer 2 protocol transparent transmission. (1) Run the l2protocol-tunnel group-mac command in the system view to replace the multicast destination MAC address of Layer 2 protocol packets with a specified multicast MAC address. (2) Run the port link-type hybrid and port hybrid tagged vlan commands on the inbound and outbound interfaces to transparently transmit tagged BPDUs. (3) Run the l2protocol-tunnel { all | protocol-type } vlan command on the inbound and outbound interfaces to enable VLAN-based Layer 2 protocol transparent transmission.

Do S series switches support static multicast MAC addresses
S series switches (except the S1700) support static multicast MAC addresses in V100R006 and later versions. However, the support for this function varies depending on switch models. - S2700SI/S2700EI: not supported - S3700SI/S3700EI: not supported - S5710-C-LI: not supported - S5700SI: supported in V200R003 and later versions

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top