If you've used Cisco switch clustering in a basic network (for example, when all switches are connected together and CDP is enabled), you've likely never considered how these switches communicate with each other. You might assume that the switches are using IP addresses from a common VLAN to communicate. Although this seems reasonable, that's not the case.

In this scenario, the switches automatically assign themselves an additional IP address in VLAN 1 (or whatever VLAN you defined as the cluster VLAN when adding members to the cluster). As long as the switches are communicating, this isn't a big deal. But if you use access lists to restrict access to your VTY lines, it's important to know how the switches decide on these addresses.

First, all addresses are assigned from the 10/8 netblock (10.0.0.0 - 10.255.255.255). The next three octets are derived from the last three octets of the MAC address, converted from hexadecimal to decimal. Here are a few real-world examples:

  • 0016.9d28.7e00 = 10.40.126.0
  • 0016.47e2.0c40 = 10.226.12.64
  • 0016.9d10.8c80 = 10.16.140.128

As far as I know, there's no way to see this address from the command line. Also, I'd like to know what the switch does in a situation where the automated system produces an IP that's already in use.
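The derivation above, as an added Python example (not part of the original post): it computes the cluster address for each MAC, flags MACs that would derive the same address or land inside a 10.x subnet you already route, and emits permit lines for a VTY access list. The function names, the ACL number 10, the second colliding MAC and the 10.16.0.0/16 subnet are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict


def cluster_ip(mac):
    """Derive the 10.x.y.z cluster address from the last three MAC octets."""
    digits = re.sub(r"[.:-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    low = bytes.fromhex(digits)[3:]  # last three octets of the MAC
    return ipaddress.IPv4Address(bytes([10]) + low)


def find_collisions(macs):
    """Group MACs whose low 24 bits match, so they derive the same address."""
    by_ip = defaultdict(list)
    for mac in macs:
        by_ip[cluster_ip(mac)].append(mac)
    return {ip: group for ip, group in by_ip.items() if len(group) > 1}


def overlaps(macs, routed_networks):
    """List (mac, ip, network) where a derived address sits in a subnet in use."""
    nets = [ipaddress.ip_network(n) for n in routed_networks]
    return [(m, cluster_ip(m), n) for m in macs for n in nets
            if cluster_ip(m) in n]


def vty_acl(macs, acl_number=10):
    """Standard ACL lines permitting each derived address (number is assumed)."""
    ips = sorted({cluster_ip(m) for m in macs})
    return [f"access-list {acl_number} permit host {ip}" for ip in ips]


if __name__ == "__main__":
    # The three MACs from the post, plus one constructed MAC that shares
    # the low 24 bits of the first one.
    macs = ["0016.9d28.7e00", "0016.47e2.0c40", "0016.9d10.8c80",
            "0019.aa28.7e00"]
    for mac in macs:
        print(mac, "->", cluster_ip(mac))
    for ip, group in find_collisions(macs).items():
        print("same derived address", ip, "for", group)
    for mac, ip, net in overlaps(macs, ["10.16.0.0/16"]):  # constructed subnet
        print(mac, "derives", ip, "inside routed network", net)
    print("\n".join(vty_acl(macs)))
```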