Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
1
Replies

invalid broadcast messages logged

Kevin Melton
Level 2
Level 2

‎11-06-2003 12:57 PM - edited ‎03-02-2019 11:32 AM

in checking the logs on my 4006 switch, i have found these logged messages as follows:

2003 Nov 03 15:42:28 %ETHC-5-PORTTOSTP:Port 3/7 joined bridge port 3/7

2003 Nov 03 16:00:54 %ETHC-5-PORTFROMSTP:Port 3/7 left bridge port 3/7

2003 Nov 03 16:01:05 %ETHC-5-PORTTOSTP:Port 3/7 joined bridge port 3/7

2003 Nov 03 16:01:06 %ETHC-5-PORTFROMSTP:Port 3/7 left bridge port 3/7

2003 Nov 03 16:01:08 %ETHC-5-PORTTOSTP:Port 3/7 joined bridge port 3/7

2003 Nov 04 09:08:51 %ETHC-5-PORTTOSTP:Port 3/26 joined bridge port 3/26

2003 Nov 04 12:44:26 %ETHC-5-PORTFROMSTP:Port 3/26 left bridge port 3/26

2003 Nov 04 21:03:52 %ETHC-5-PORTFROMSTP:Port 3/3 left bridge port 3/3

2003 Nov 04 21:03:55 %ETHC-5-PORTTOSTP:Port 3/3 joined bridge port 3/3

2003 Nov 05 08:18:32 %SYS-4-P2_WARN: 1/Invalid traffic from multicast source address ff:ff:ff:ff:ff:ff on port

1/1

2003 Nov 05 09:33:12 %ETHC-5-PORTFROMSTP:Port 3/12 left bridge port 3/12

2003 Nov 05 09:33:14 %ETHC-5-PORTTOSTP:Port 3/12 joined bridge port 3/12

2003 Nov 05 09:34:24 %SYS-4-P2_WARN: 1/Invalid traffic from multicast source address ff:ff:ff:ff:ff:ff on port

1/1

2003 Nov 05 09:41:02 %ETHC-5-PORTFROMSTP:Port 3/5 left bridge port 3/5

2003 Nov 05 09:41:02 %DTP-5-NONTRUNKPORTON:Port 3/5 has become non-trunk

2003 Nov 05 09:41:27 %DTP-5-TRUNKPORTON:Port 3/5 has become dot1q trunk

2003 Nov 05 09:41:29 %ETHC-5-PORTTOSTP:Port 3/5 joined bridge port 3/5

2003 Nov 05 10:21:33 %SYS-4-P2_WARN: 1/Invalid traffic from multicast source address ff:ff:ff:ff:ff:ff on port

1/1

2003 Nov 06 10:11:26 %ETHC-5-PORTFROMSTP:Port 3/3 left bridge port 3/3

2003 Nov 06 10:11:28 %ETHC-5-PORTTOSTP:Port 3/3 joined bridge port 3/3

I am concerned that this may be some sort of "spoofing" attempt. the port 1/1 is a physical Gigabit (GBIC) port coming from a 3500 XL switch...

why does the 4006 see this as invalid traffic?? is this someone spoofing or a virus??

thanks in advance

Labels:
0 Helpful
1 Reply 1

tsettle
Level 3
Level 3

‎11-06-2003 03:01 PM

Ethernet source MAC address must be unique unicast addresses they cannot have the group-bit set as in the all F's broadcast address. The Cat4k is alerting you to the fact that it has seen this packet and it will not enter the src address into the CAM table. The issue could be a spoof or it could also be a miss behaving workstation/NIC. The only way to troubleshoot this would be to start spanning the ports on the switch connected to 1/1 and looking for the source port on that device, if the src is another switch repeat the process until you reach the end device.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card