What Happens If Two Devices Have the Same MAC Address but Different IPs on a Network?

Hello!

I searched but I didn't get any specific information from uncle google...

What happens in the local network and how routers/switches and all other equipment behave if we connect two computers/devices with the same MAC address.
I don't mean that DHCP will give the same IP address and there will be a conflict because I know it, but what if we rigidly have 2 different IPs but the same MAC?

I remember that I was playing that time, i.e. I assigned the same IP and MAC to 2 machines connected to 1 switch and something worked, i.e. the internet was on both machines but weak. I suppose that the switchuch has switched to hub mode [transferring information to all sockets] and that the matter is very version specific, i.e. with another switch or other topology it will not work or it will cause the network to go "crazy".

gavron wrote:

What happens in the local network and how routers/switches and all other equipment behave if we connect two computers/devices with the same MAC address.

Devices in the network Nothing will happen, One network card (one mac) can have many IP addresses and this configuration works without any problems.

bogiebog wrote:

gavron wrote:

What happens in the local network and how routers/switches and all other equipment behave if we connect two computers/devices with the same MAC address.

Devices in the network Nothing will happen, One network card (one mac) can have many IP addresses and this configuration works without any problems.

But we were talking about the MAC, not the IP.
In this case, the switches will go crazy (at least).

IMO Switches won't go crazy, they will switch packets correctly, probably one computer will get all the packets, the Switch will fill in the MAC/port table and then when searching it will find one of the ports and send packets there.

The situation is similar to one computer that you switch 'quickly' between the switch ports, rather you will not suspend the switch.

Exactly... As I see, everyone says there will be a problem, but no one knows what will happen I also think something is going on. I'm just installing 2xw98 on virtualbox and we'll see what happens.. First I'll test on a virtual network and then I'll do bridged and see what my router will do...

Overall, I'll get back to you and tell you what I've found: >

Ok, then tell me why MAC address cloning on routers works? and nothing happens? After all, after cloning a mac on the router, you don't have to change the mac on the computer???

Because these MACs are on different networks/lan segments.

yes, but there are 2 of the same addresses on the router at the same time, one used for LAN and the other for WAN, so something should go wrong and it's not ... Besides, you don't really know what should go wrong..

I don't know, I can't find specific information ANYWHERE about WHAT will happen and HOW the devices will behave in the case of 2 MACs..

gavron, write a firmware for the router or look at the linux sources, it will explain to you what and how.

Added after 45 [seconds]:

bogiebog wrote:

Because these MACs are on different networks/lan segments.

Arp tables are separate per segment/lan.

damn, but that's not the point, the fact that I'll write soft won't give me anything because if something is going to happen, I won't jump over it without knowing the problem, right?

I'm just asking what will happen, but I see I have to test it myself :P

the fact that there are separate ARP tables does not change the problem that I still do not know what is at stake

When it comes to the switch, one thing is for sure.
There will be two entries in the ARP table with the MAC pinned to two different switch ports.

Now we need to determine what the switch will do.
There are two options:
1. It will forward the packet to two ports - it will work like a HUB (rather it will not behave like that)
2. Searching the ARP tables, it will find information that the MAC is on this port and will push the frame there. In a moment, it will receive an ACK confirmation, so the ARP table will receive information that this MAC is there.
The question is, how long are entries in the ARP table stored?

After connecting the computer to the network, the first packets you can see are:
-DHCP Request (if the IP address is assigned dynamically)
-Gratuitous ARP for IP_Address

Anyway, right after connecting to the network, information about our host, its MAC and switch port appears in the ARP table.
By connecting a second host with the same MAC, new information about the MAC and switch port is added to the ARP table.

It remains a matter of determining how the manufacturer of the given equipment approached searching the ARP table (maybe some RFC clarifies it)

Below is my theory:
In the case of two same MACs, the switch will search the MAC tables for the first entry and redirect the packet there.
If at the same time it receives a packet from the other host, it will be in the table above and the packet will go to it.

The second host will determine that the incoming frame has wrong sequence and ACK numbers and will request retransmissions.
The first host will continue to wait for data. After a while it will get, but again the sequence numbers and ACK will not match.

To sum up. Hosts will get data frames randomly. The last one to answer will get it.
TCP will force the data transfer until it receives valid sequences and ACKs.
Because of this, it may seem that having two hosts with the same MAC "internet performance is weaker" :)

It's best to build a lab.
A switch and three hosts. Preferably some bare Linux with Wireshark turned on and see what's going on.
Bare, so as not to litter in Wireshark with some connections that will be beyond the scope of interest.

gavron wrote:

damn, but that's not the point, the fact that I'll write soft won't give me anything because if something is going to happen, I won't jump over it without knowing the problem, right?

I'm just asking what will happen, but I see I have to test it myself :P

the fact that there are separate ARP tables does not change the problem that I still do not know what is at stake

There is no single answer because the behavior of even a switch may be different, one model will start sending packets between two ports and another will start sending packets to all of them, and in the second case the entire network may be clogged.

gavron wrote:

Hello!
What happens in the local network and how do routers/switches and all other equipment behave if we connect two computers/devices with the same MAC address?

From experience, the internet will appear and disappear on computers, connections with servers will disappear and reappear, when you start transferring a larger file, it will fly whole and will not break anything. A flood will start in the network and a lot of packets will fly to such an extent that their number will increase to such an extent that nothing can be done in this part of the network that is under a given switch. Most likely, the flood is caused by the fact that the second machine takes packets from the first one, the first one does not have a matching checksum and asks for a retransmission and the circle closes. As the second machine did the same, then both start to renew the packets, the switch does not assign the MAC table permanently, but updates it quite often, e.g. 3 COM did it every few minutes, the situation returned to normal and, for example, after 5 minutes flood again. Before I checked what and how, I have to admit that I ran around the cages and clients. I had networks several years ago, new networks, taken over, were sometimes built in such a strange way that such eggs were commonplace. I immediately switched to DHCP with blocking, as someone entered a static IP or changed the MAC in the subnet to one that was not entered in the database, it immediately blocked it, only in this way I managed to deal with such users who know better than an amine how the computer should be configured. To sum up, if you get two MAC's in one subnet, the internet will start to disappear on both computers.

P.S. I also had a notification on my e-mail that someone changed their IP or MAC, and I had an SMS notification on the e-mail, so if someone changed it, I immediately received an SMS. And one more thing, when I wanted to have access to the Internet from any computer, I changed his MAC to one of his subnets, but which no one used. Unfortunately, there was no protection for this, it was only a limit of connections in the network, and if someone did not pay, after blocking, he could change the MAC to a neighbor, then only physical disconnection or blocking of his port, but only in managed swiches.