If you've used Cisco switch clustering in a basic network (for example, when all switches are connected together and <acronym title="Cisco Discovery Protocol">CDP</acronym> is enabled), you've likely never considered how this switches communicate with each other. You might assume that the switches are using IP addresses from a common VLAN to communicate. Although this seems reasonable, that's not the case.

<!--more-->

In this scenario, the switches automatically assign themselves an additional IP address in VLAN 1 (or whatever VLAN you defined as the cluster VLAN when adding members to the cluster). As long as the switches are communicating, this isn't a big deal. But, if you use access-lists to restrict access to your <acronym title="virtual terminal">VTY</acronym> lines, it's important to know how the switches decide on these addresses.

First, all addresses are assigned from the 10/8 netblock (10.0.0.0 - 10.255.255.255). The next three octets are derived from the last three octets of the MAC address converted from hexadecimal to decimal. So, here are a few real world examples:

• 0016.9d28.7e00 = 10.40.126.0
• 0016.47e2.0c40 = 10.226.12.64
• 0016.9d10.8c80 = 10.16.140.128

As far as I know, there's no way to see this address from the command line. Also, I'd like to know what the switch does in a situation where the automated system produces an IP that's already in use.