Re: Port Security - Unknown MAC Address

david.bradley · ‎08-09-2004

Hi,

I've had a couple of instances where ports have discovered additional MAC addreses and been disabled, as they should, but workstations/NICs on the ports have not been changed.

2 MAC addresses have come up which I don't recognised, they are:

30-1c-08-00-45-00 - which I can't relate to any manufacturer, any idea how this got here?

and:

00-00-0c-07-ac-7b - which is a Cisco MAC. How could this happen, there's never been anything Cisco based on this port. This has happened on a couple of ports and I've had to allow 2 MAC entries for these ports.

There is probably a simple answer to this, but it's a mystery to me!

Dave

aashish.c · ‎08-09-2004

Hi David,

00-00-0c-07-ac-7b is HSRP`s virtual MAC addr. of group no. 123 (7b in HEX.) the ports which have discovered this MAC must be uplinked to routers where HSRP is running.

I dont understand the other MAC address, kindly check it its correct mac u have captured and on which ports you r getting this.

david.bradley · ‎08-09-2004

I copied and pasted the 30... MAC address from the Catalyst show command. Do you think this could be the result of a malformed frame?

The port where the HSRP multicast is logged is an access port. I guess the HSRP frame is going out of the port but shouldn't be coming back?

aashish.c · ‎08-09-2004

the unknown MAC could be due to malformed frame and HSRPs MAC address shouldn`t be logged under a port`s membership.

Just check the logs, r there any flappings reported, or any HSRP events. It seems that access port has learnt its own burnt-in MAC and HSRP`s MAC.

Just cehck the mac addres table and do u see any loops or address re-learning.