Re: 3500 switch, port security, odd mac addresses

stith · ‎04-03-2003

Implemented port security on C3500XL switch running following IOS;

IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE

(fc1)

SWITCHA#sh run int fa0/39

Building configuration...

Current configuration:

!

interface FastEthernet0/39

port security max-mac-count 5

port security action shutdown

switchport access vlan 2

spanning-tree portfast

end

Shortly after implementing I received following syslog error from that switch;

Critical 30428: 44w4d: %PORT_SECURITY-2-SECURITYREJECT:

Security violation occurred on module 0 port 39 caused by MAC address e0e0.03ff.ff00

The mac address looked odd so I reviewed the secure mac table for the port;

SWITCHA#sh mac int fa0/39

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0050.dada.e2e7 Secure 2 FastEthernet0/39

e2e7.0085.e0e0 Secure 2 FastEthernet0/39

Again the second secure mac entry looked odd and since the offending address wasn’t on that port I started looking at other ports and found the offending address on another port;

SWITCHA #sh mac int fa0/40

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0001.03a9.4038 Secure 2 FastEthernet0/40

e0e0.03ff.ff00 Secure 2 FastEthernet0/40

I then reviewed the IEEE mac list and found no manufactuer for either e2e700 or e0e003. The mac addresses also appear to be offset.

0050.dada.e2e7

e2e7.0085.e0e0

e0e0.03ff.ff00

I then deleted both e2e7.0085.e0e0 and e0e0.03ff.ff00 from the secure mac table. Things continued with incident. An additional confusion is that neither port had multiple computers connected. Both had a single dell laptop connected.

But on reviewing both ports the following morning;

SWITCHA #sh mac int fa0/39

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0050.dada.e2e7 Secure 2 FastEthernet0/39

e0e0.03ff.ff00 Secure 2 FastEthernet0/39

SWITCHA #sh mac int fa0/40

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0001.03a9.4038 Secure 2 FastEthernet0/40

4038.0091.e0e0 Secure 2 FastEthernet0/40

Shows the one odd mac addresses back in the secure mac table and a second new odd mac address neither of which are valid vendor mac addresses and again the offset seems to be involved.

Any ideas on what is causing these invalid mac addresses to be entered into the secure mac table for these ports?

ivillegas · ‎04-09-2003

Your problem looks like you are running some application in the laptop which causes this. You can install a sniffer and try to indentify the source of the mac address, which will give a better knowledge of your problem.

Also you can try configuring static mac address by using the command

mac-address-table static

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/cmdref/macrcli.htm#xtocid2472932

Check for any print services which has any printing problem, which may trigger these kind of problem.

Hope this helps