When capturing packets with tcpdump on a circuit configured with the parameter "hide-vlan-header", the tcpdump output shows unexpected MAC addresses in outgoing packets.
When capturing packets with tcpdump on a circuit configured with the parameter hide-vlan-header, the tcpdump output shows unexpected MAC addresses in outgoing packets.
The following example demonstrates this issue. The circuit vlan76 is configured with a VLAN tag 76 and the parameter hide-vlan-header is set:
CBS# show running-config circuit vlan76
circuit vlan76
device-name vlan76
vap-group fw
default-egress-vlan-tag 76 hide-vlan-header
ip 172.16.76.1/24 172.16.76.255
When running tcpdump to capture traffic on this circuit, both source and destination MAC addresses in outgoing packets are not corresponding with the actual MAC addresses of the circuit and the neighbor device:
fw_1 (CBS): ~# tcpdump -c 1 -enni vlan76 dst host 172.16.76.254
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan76, link-type EN10MB (Ethernet), capture size 96 bytes
13:19:54.033074 41:02:81:00:00:4c > 7c:7f:00:03:d2:f2, ethertype IPv4 (0x0800), length 74: 172.16.76.1.48763 > 172.16.76.254.23: S 3970984189:3970984189(0) win 5840 <mss 1460,sackOK,timestamp 1304490343 0,nop,wscale 7>
1 packets captured
1 packets received by filter
0 packets dropped by kernel
The real circuit MAC address can be displayed in XOS CLI with show circuit (some output is omitted for brevity), or by using Linux commands ifconfig or ip on the VAP:
CBS# show circuit vlan76
Circuit Name : vlan76
Circuit-Id : 1034
Device Name : vlan76
...
Default Egress Vlan Tag : 76
Hide VLAN Header (true/false) : t
Replace Egress Vlan Tag : N/A
MAC Address : 00:03:d2:f2:41:02
MTU : 1500
Management Circuit (true/false) : f
Enable (true/false) : t
Primary Type : primary
IP Address : 172.16.76.1/24
IP Broadcast Address : 172.16.76.255
Increment-per-vap Mode (true/false) : f
fw_1 (CBS): ~# ip link show dev vlan76
13: vlan76: <BROADCAST,MULTICAST,DEBUG,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:03:d2:f2:41:02 brd ff:ff:ff:ff:ff:ff
To display the ARP cache and see the MAC address of the neighbor device, you can use the XOS CLI command show arp:
CBS# grep 172.16.76.254 show arp
fw_1 172.16.76.254 00:1c:58:d7:7c:7f dynamic vlan76
Alternatively, use the Linux commands arp or ip on the VAP:
fw_1 (CBS): ~# ip neighbor | grep 172.16.76.254
172.16.76.254 dev vlan76 lladdr 00:1c:58:d7:7c:7f REACHABLE