I would like to use MACPROTECT ON for Linux guests on a vswitch but it is not working as I would expect. My understanding is that MACPROTECT ON will not allow a NIC to send a frame with source mac address different from the one assigned by CP. I have a Linux bridge that bridges layer 2 traffic between two vswitches. I would like to have MACPROTECT on for all guests except for the one that runs the bridge. This I intended to do with running SET VSWITCH <name> MACPROTECT ON and SET NIC USER <bridge> <addr> MACPROTECT OFF. But, as soon as I turn MACPROTECT on for the vswitch the traffic through the bridge stops regardless of whether the MACPROTECT on the NIC is on or off.
As an additional check I have tried to do it in the other way: set MACPROTECT OFF on the vswitch and set MACPROTECT ON for the bridge NIC. I would expect this to stop the traffic through the bridge, but that did not happen. More details for the second case: q v nic a000 Adapter A000.P00 Type: QDIO Name: UNASSIGNED Devices: 3 MAC: 02-00-C2-0A-6D-D5 VSWITCH: SYSTEM ALBL07 Device: A000 Protected znetconf -c | grep a000 0.0.a000,0.0.a001,0.0.a002 1731/01 GuestLAN QDIO 08 qeth eth6 online tcpdump -e -i eth6 '(host 141.202.59.44 or host 141.202.59.45)' tcpdump: WARNING: eth6: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth6, link-type EN10MB (Ethernet), capture size 65535 bytes 07:46:54.596577 02:00:c2:0a:6d:ff (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 141.202.59.45 tell 141.202.59.44, length 28 07:46:54.596827 02:00:c2:0a:6e:00 (oui Unknown) > 02:00:c2:0a:6d:ff (oui Unknown), ethertype ARP (0x0806), length 42: Reply 141.202.59.45 is-at 02:00:c2:0a:6e:00 (oui Unknown), length 28 07:46:54.596985 02:00:c2:0a:6d:ff (oui Unknown) > 02:00:c2:0a:6e:00 (oui Unknown), ethertype IPv4 (0x0800), length 98: 141.202.59.44 > 141.202.59.45: ICMP echo request, id 1913, seq 1, length 64 The A000 NIC on the bridge has mac addres 02-00-C2-0A-6D-D5 but passes traffic between mac addresses 02:00:c2:0a:6d:ff and 02:00:c2:0a:6e:00 despite protection being on. Is my understanding of MACPROTECT incorrect or have I found a bug? Thanks, Tomas Tomas Pavelka CA Technologies Sr Software Engineer Tel: +420226207796 tomas.pave...@ca.com <mailto:tomas.pave...@ca.com>[cid:image001.gif@01CF42AD.93DBBA60]<http://www.ca.com/> ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
<<inline: image001.gif>>