MAC layer unicast flooding a switched network

The network in question:
It is a fully switched network with no routing. There are no known RSTP problems.

There are 10 small switches. Each small switch has many small industrial devices talking to each other within that small switch.

There is 1 big switch that connects to all 10 small switches. The big switch also connects to computers that occasionally talk to a device or two in one of the small-switch networks.

The entire network is one giant IP network with the same subnet, subnet mask, no default gateway.

The problem:
2 small switches, one has device A connected, the other has device B connected. Unfortunately, A and B both have the same MAC address, and a strange MAC address as well: 00:ba:d0:0b:ad:00 “bad bad”

Now, after running Wireshark on a computer connected to the big switch, I can see the traffic of devices talking to A or devices talking to B, which should be confined within their small switches:

Ethernet II, Src: GeFanucA_02:9f:d0 (00:09:91:02:9f:d0), Dst: 00:ba:d0:0b:ad:00 (00:ba:d0:0b:ad:00)

It is also observed that a packet from “bad bad” to GeFanucA_02:9f:d0 (00:09:91:02:9f:d0) is a normal unicast and “bad bad” can receive it. So in the two-way communication, only one way’s traffic is flooded; the other way is still unicast.

Question:
Is the unicast flooding due to the small switch realizing the MAC address is “bad”? Or is it due to the duplicated MAC address, so that the small switches are not quite sure where to send the frame and just broadcast it? Or is this flooding due to something else?

PS.
After Joeqwerty’s answer below, confirming that the duplicated MAC address has caused the flooding, I went back to all the small switches and looked at their “MAC Address Table”. Apparently there are 3 devices sharing the same MAC address: A, B and C. Apparently C’s small switch happily accepted the “BAD BAD” MAC address and kept the traffic unicast. A and B’s switches decided to flood.

What exact mechanism caused this? A and B’s switches should NOT be aware of any “BAD BAD” on another switch.

Answer

As you correctly surmised, this is flooding, not broadcasting. If two devices have the same MAC address then I would expect to see this happening. You need to remove these two devices from the network and figure out why they have duplicate MAC addresses.
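The table comparison the asker describes in the PS (checking every small switch's MAC address table for the same address), as an added example that is not part of the original question or answer. The `switch port mac` row format, the switch names and the uplink port `Gi0/24` are constructed assumptions, not output from any particular switch CLI.

```python
import re
from collections import defaultdict

# Constructed sample: one "switch port mac" row per learned entry, gathered
# from each small switch. Switch names and port names are hypothetical.
SAMPLE_ROWS = """\
sw01 Gi0/3  00:ba:d0:0b:ad:00
sw01 Gi0/5  00:09:91:02:9f:d0
sw02 Gi0/7  00ba.d00b.ad00
sw02 Gi0/24 00:09:91:02:9f:d0
sw03 Gi0/2  00-BA-D0-0B-AD-00
sw04 Gi0/24 00:ba:d0:0b:ad:00
"""

# Assumption: on every small switch this port faces the big switch.
UPLINKS = {"Gi0/24"}


def normalize_mac(text):
    """Return lower-case colon notation, or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[.:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_duplicate_macs(rows, uplinks=UPLINKS):
    """Map each MAC learned on more than one edge port to its (switch, port) pairs."""
    edge_seen = defaultdict(set)
    for line in rows.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        switch, port, mac = fields[0], fields[1], normalize_mac(fields[2])
        # An entry on an uplink only says "reachable via the big switch";
        # it is expected and does not indicate a second physical device.
        if mac is None or port in uplinks:
            continue
        edge_seen[mac].add((switch, port))
    return {mac: sorted(locs) for mac, locs in edge_seen.items() if len(locs) > 1}


if __name__ == "__main__":
    for mac, locs in find_duplicate_macs(SAMPLE_ROWS).items():
        print(mac, "attached at", ", ".join(f"{s} {p}" for s, p in locs))
```

A MAC that shows up on edge ports of several switches is physically attached in several places; the same MAC on another switch's uplink is normal learning and is ignored.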

Attribution
Source: Link, Question Author: ugn, Answer Author: joeqwerty
