Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
5
Replies

multiple MAC addresses on a switchport

cisco24x7
Level 6
Level 6

‎09-01-2008 12:45 PM - edited ‎03-06-2019 01:06 AM

I have a pair of Checkpoint NGx R65

running in ClusterXL Active/Active

Unicast mode.

Eth0 of FW1 is connect to Catalyst switch SW1 6513 port 7/7 and Eth0 of FW2

is connected to Catalyst switch SW2 6513 port 7/8. There is an EtherChannel

trunk between these two switches.

When I connect to SW1 and run "show cam dynamic 7/7" I see this:

CAT6513-1> sh cam dynamic 7/7

* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.

X = Port Security Entry $ = Dot1x Security Entry M = Mac-Auth-Bypass Entry

Destination Ports or

VLAN Dest MAC/Route Des [CoS] Age VCs / [Protocol Type]

---- ------------------ ----- ---------- ---------------------

199 00-15-17-79-12-c6 0 7/7 [ALL]

199 00-d0-fe-8e-40-03 0 7/7 [ALL]

199 00-00-00-00-fe-00 0 7/7 [ALL]

199 00-d0-fe-8e-64-03 0 7/7 [ALL]

Total Matching CAM Entries Displayed = 4

CAT6513>

00-15-17-79-12-c6 = Firewall #1 physical MAC address

00-d0-fe-8e-40-03 = Cisco MAC address (no idea where it comes from)

00-00-00-00-fe-00 = Firewall #1 ClusterXL MAC address

00-d0-fe-8e-64-03 = Cisco MAC address (no idea where it comes from)

can someone tell me where the other Cisco

MAC addresses come from? I could not

find those mac addresses anywhere on the

switchports on both switches.

Thanks in advance.

Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-01-2008 11:07 PM

Hello David,

I would look at the other Catalyst CAT6513-2 they send out some L2 multicast frames for CDP, VTP and so on. In sending these frames they use their own MAC addresses as source.

verify with a sh module if 00-d0-fe-8e-40-03 and 00-d0-fe-8e-64-03 are in the MAC address block of device CAT6513-2

Hope to help

Giuseppe

0 Helpful

andrew.prince
Level 10
Level 10
In response to Giuseppe Larosa

‎09-01-2008 11:26 PM

David,

A MAC address earch reveals:-

MAC Address

Prefix Vendor

00D0FE Astral Point

Astral point are an optical fibre transmission manufactoring company, what is the trunk between the swtiches? Is it fibre?

HTH>

0 Helpful

cisco24x7
Level 6
Level 6
In response to andrew.prince

‎09-02-2008 03:11 AM

Thank you guys. I will check. Andrew, yes, they are connected by fibre.

If I replace the Checkpoint NGx R65 firewalls

with Checkpoint NG with Application Intelligence

R55 firewalls, I will NOT see those MAC

addresses on the switchport. Why?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to cisco24x7

‎09-02-2008 09:42 AM

Hello David,

probably they have a different behaviour on L2 traffic.

If you can, try to use SPAN to capture the traffic and you will see what kind of frames have source MAC address the ones you see on switch.

What is strange is that the Astral should be in the middle so you should always see its frames !

Hope to help

Giuseppe

0 Helpful

pet.goh
Level 1
Level 1

‎10-06-2008 07:19 AM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card