AnsweredAssumed Answered

MAC Address problem

Question asked by exw32-pica on May 22, 2015
Latest reply on May 25, 2015 by exw32-pica





Thanks for taking the time to read my message!



I know this is a strange place to announce a Checkpoint related problem, however it seems to be a L2 problem, so that's why i post in the "enterprise switching" section. Additionally, for some reason I cannot post at the Checkpoint forum..



We have a cluster of two Checkpoint 13500 FW's. And we are experiencing some strange behavior.




We have a Cisco switch with port 20 connected directly to a test client in VLAN 900. FW1 is connected to port 21 and FW2 is connected to port 22. All in VLAN 900. The FW's run VRRP. The FW's are default gateway for the clients in VLAN 900.




The MAC adress of the client is AA.AA.A2.00.00.00. So looking at the MAC table of the switch, I see client AA.AA.A2.00.00.00 on port 20. But now the strange thing... for this client, I also see a slightly altered MAC address in the MAC address table, sourced from port 21 (FW1). So the MAC table shows:




AA.AA.A2.00.00.00 interface 20


AA.AA.A1.00.00.00 interface 21




This strange altering of MAC addresses is seen for all clients, sourced from interface 20. So for example:




AA.AA.A2.00.00.00 interface 20


BB.BB.B2.00.00.00 interface 20


CC.CC.C2.00.00.00 interface 20


AA.AA.A1.00.00.00 interface 21


BB.BB.B1.00.00.00 interface 21


CC.CC.C1.00.00.00 interface 21




All addresses with a "2" in it are 'real' addresses. All addresses with a "1" in it are altered addresses, sourced by FW1.




Anybody seen this behavior before???




Thank you very much for your reply!