Hi Experts,
We had a core switch in our environment and experiencing high cpu utilization during the office hours( around 80% and some times in above 90%). Also noticed that some invalid source address packet is receiving from some interfaces. But the cpu utilization
1) Is there any relation between the cpu utilization and the invalid sourceaddress packet?
2) Is this indicating an inside attack or a faulty interface in switches/NIC Card?
Please see the output of show logging
Log Buffer (4096 bytes):
ppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00
:00) on port Gi3/2 in vlan 1
1y1w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y1w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129
1y1w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 3 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %SYS-6-CLOCKUPDATE: System clock has been updated from 07:32:33 UTC Mon Ja
n 30 2012 to 10:32:33 AST Mon Jan 30 2012, configured from console by CWLMS on v
ty1 (10.254.254.63).
1y2w: %SYS-5-CONFIG_I: Configured from console by CWLMS on vty1 (10.254.254.63)
1y2w: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:33:01 AST Mon Ja
n 30 2012 to 18:59:00 AST Mon Jan 30 2012, configured from console by CWLMS on v
ty1 (10.254.254.63).
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 4 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y2w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y3w: %SYS-5-CONFIG_I: Configured from console by CWLMS on vty3 (10.254.254.78)
1y3w: %SYS-5-CONFIG_I: Configured from console by CWLMS on vty3 (10.254.254.78)
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 129
1y3w: %SYS-5-CONFIG_I: Configured from console by CWLMS on vty5 (10.254.254.76)
1y3w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y4w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y4w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y4w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet receiv
ed with invalid source MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
1y4w: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid sour
ce MAC address (00:00:00:00:00:00) on port Gi3/2 in vlan 1
Kindly post your suggestions regarding this.
Advanced Thanks and Regards,
Sihanu N
