MAC Address Rewrite
Media Access Control (MAC) address rewrite converts the incoming traffic’s MAC address (source , destination, or both) with a user configured MAC address. The modified packets are then delivered as per flow mapping configurations. This allows the user to maintain confidentiality of the outgoing MAC address.
MAC address rewrite can be enabled in two ways:
Rule based- The MAC address rewrite functionality is enabled for traffic that qualifies a specific rule in a map. This can be enabled only for pass rules. Rule based MAC address re-write allows modifying the rule, source, and destination MAC address. |
Map Based- The MAC address rewrite functionality is enabled for traffic that qualifies any of the rules configured in regular by-Rule maps and shared collectors. The configuration applies to all the rules that are part of the map except for drop rules. Map based MAC address re-write allows modifying the source and destination MAC address and can also be applied to a deployed map. Refer to Map MAC Address Source and Destination Compatibility Matrix for more information. |
Table 1: Map MAC Address Source and Destination Compatibility Matrix
Source |
Destination |
Supported |
---|---|---|
Network |
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with Egress VLAN strip/Tool with Egress Port filters. |
Yes |
Network |
L2 Circuit Encapsulation Tunneling |
No |
Hybrid |
Tool/Hybrid, Tool GigaStream/Hybrid GigaStream, Tool with Egress VLAN strip/Tool with Egress Port filters. |
Yes |
Network /Hybrid |
Port-group(without smart-lb enabled). |
Yes |
IP interface (De-encapsulation Tunnel) |
Tool/Hybrid |
Yes |
L2GRE/VXLAN |
L2GRE/VXLAN Encapsulation tunnel. |
No |
VXLAN Header/MPLS Header stripping |
Tool/Hybrid |
No |
Network Port with Ingress VLAN tag |
Tool/Hybrid |
Yes |
L2-Circuit Tunnel |
Tool/Hybrid/GigaStream |
Yes |
VXLAN/L2GRE Tunnel de-encapsulation with IP interface |
Tool/Hybrid/GigaStream |
No |
Port-Group |
Tool/Hybrid/GigaStream |
Yes |
Note: If you have configured both map level and rule level MAC address rewrite functionality in the same map, then rule-based configuration takes priority.
Configuring MAC Address Re-write
Media Access Control address is a six byte hardware identification field with 12 hexadecimal digits that uniquely identifies a device in the network. You can rewrite the MAC source and destination fields to configurable MAC address as follows:
1. | To enable MAC address rewrite functionality through GigaVUE-FM: |
a. | Map based Configuration- To configure MAC address rewrite based on maps follow the below steps: |
• | Navigate to > Physical > Nodes. |
• | Select the required cluster or device. Navigate to Maps and click create New Map. Scroll down to Map Configuration & Rules. |
• | Under Configuration, enable the ‘Address Rewrite’ checkbox. |
• | Select either MAC Source, Mac Destination, or both. |
• | Specify the MAC Source and Destination. |
• | Click on OK to complete the configuration. |
b. | Rule based Configuration- To configure MAC address rewrite based on map rules follow the below steps |
• | Navigate to > Physical > Nodes. |
• | Select the required cluster or device. Navigate to Maps and click create New Map. Scroll down to Map Configuration & Rules. |
• | Under Map Rules, click Add a Rule. |
• | Enable the ‘Address Rewrite’ checkbox. |
• | From Map Rules section select either MAC Source , Mac Destination, or both. |
• | Specify the MAC Source and Destination. |
• | Click on OK to complete the configuration. |
2. | To enable MAC address rewrite through GigaVUE-OS -CLI enter the map prefix mode with the command config map alias<map> and then enter any one of the following commands such as: |
rewrite-dstmac xx:xx:xx:xx:xx:xx
rewrite-srcmac xx:xx:xx:xx:xx:xx
no rewrite-dstmac
no rewrite-srcmac
Refer to GigaVUE-OS CLI Reference Guide for more information.
License
You do not need a license to enable this feature for GigaVUE HC Series. To enable this feature for GigaVUE TA Series ensure you have Advanced Features License.
Limitations
The following are the limitations of MAC Address rewrite.
Pass-all maps are not supported. |
GSOP enabled maps are not supported. |
VXLAN/L2GRE Encapsulation and Decapsulation tunnels are not supported |
Inline, Flex Inline maps and OOB copy maps are not supported. |
First level, second level and transit maps are not supported. |
This feature is not supported with Fabric Maps, L2 Circuit Tunnel Encapsulation, MPLS and VXLAN header stripping enabled-port configurations. |
A paired port receives rewritten mac address when creating a port-pair with a network port in map/rule-based mac-rewrite byrule map. |