Packet received with invalid source MAC address

jennyjohn
Level 1

Most of the 4500 switches in our network are giving a similar error for many ports

%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi2/6 in vlan 100

It's impossible to do Wireshark packet tracing for all the ports.

Could this be a software bug? Is there any solution for resolving this?

Thanks in advance.

3 Replies

ossalman
Level 1

Hi John,

This means a packet was received with an all zero (00:00:00:00:00:00) or a multicast source address, for example, FF:FF:FF:FF:FF:FF, which is a Layer 2 broadcast.
The packet is treated as invalid and no learning is done. Excessive flow of such packets can waste CPU cycles. This message is rate-limited and is displayed only for the first such packet received on any interface or VLAN.
Subsequent messages display the cumulative count of all such packets received in given interval on all interfaces.

////////////////////////////

Resolution        
///////////////
Check the switch configuration file in order to find the source of these
packets on the specified port and take corrective action in order to fix
them at the source end. For example, it can be due to a faulty NIC or
connected hub. You can also set up a SPAN session to identify the source.

Alternatively, you can also issue the switchport port-security limit rate
invalid-source-mac command in order to enable port security on that
interface in order to shut down the port if the incoming rate of packets with
invalid source MAC address is too high.

These errors are only informative and are not directly related with the
switch. The important thing is to find the source of the packet or the
device that is sending the packet. This indicates that a bad packet was
received and was dropped. This could have been sourced as bad packet for
different reasons; such as the size of Ethernet frame reported different
from expected IP packet size. The issue can be reported due to bad NIC
cards, bad NIC drivers, or bad application.

This message is for informational purpose only. In older IOS versions, these
packets are normally dropped without being logged.

If you are receiving a large amount of these errors, you might try to track
down the source device that is sending the erroneous packets; you'll need to
use a network sniffer. You might also examine the adjacent Cisco device for
other errors.

Hope this helps, don't forget to rate...

thanks,
/Osama
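
Added example (not part of the reply above and not Cisco code): the log message already names the port and VLAN, so collected syslog can be tallied per switch port to decide where a SPAN session is worth setting up. The sample lines are constructed, and the leading switch hostname field and the function names are assumptions.

```python
import re
from collections import Counter

# Message layout taken from the log line quoted in the question.
LOG_RE = re.compile(
    r"%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET:\s*"
    r"(?:\(Suppressed (?P<suppressed>\d+) times\))?\s*"
    r"Packet received with invalid source MAC address "
    r"\((?P<mac>[0-9A-Fa-f:]{17})\) on port (?P<port>\S+) in vlan (?P<vlan>\d+)")

def classify_source_mac(mac):
    """Return why a source MAC is not learnable, or None for a normal unicast address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if octets == b"\x00" * 6:
        return "all-zero"
    if octets == b"\xff" * 6:
        return "broadcast"
    if octets[0] & 0x01:  # I/G bit set: group (multicast) address
        return "multicast"
    return None

def tally(lines):
    """Count matching messages per (switch, port, vlan, reason).

    The "Suppressed N times" figure is summed per switch only: per the reply
    above it is cumulative across interfaces, so it is not charged to the port.
    Assumption: the first whitespace-separated field is the switch hostname.
    """
    per_port, suppressed = Counter(), Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        switch = line.split()[0]
        reason = classify_source_mac(m["mac"]) or "unexpected-unicast"
        per_port[(switch, m["port"], int(m["vlan"]), reason)] += 1
        suppressed[switch] += int(m["suppressed"] or 0)
    return per_port, suppressed

# Constructed sample input; hostnames and the second port are made up.
MSG = "%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: "
TAIL = "Packet received with invalid source MAC address "
SAMPLE = [
    "sw4500-a " + MSG + "(Suppressed 1 times)" + TAIL + "(00:00:00:00:00:00) on port Gi2/6 in vlan 100",
    "sw4500-a " + MSG + "(Suppressed 4 times)" + TAIL + "(00:00:00:00:00:00) on port Gi2/6 in vlan 100",
    "sw4500-b " + MSG + TAIL + "(FF:FF:FF:FF:FF:FF) on port Gi3/12 in vlan 100",
    "sw4500-b %LINK-3-UPDOWN: Interface GigabitEthernet3/12, changed state to up",
]

if __name__ == "__main__":
    ports, hidden = tally(SAMPLE)
    for key, hits in ports.most_common():
        print(hits, *key)
    print("suppressed per switch:", dict(hidden))
```

Ports at the top of the tally are the first candidates for a SPAN session or for the port-security rate limit mentioned in the reply.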

Giuseppe Larosa
Hall of Fame

Hello Jenny,

Check if in your environment there are VMware instances that are started but not configured. We have seen these as sources of Ethernet frames with all 0 source MAC addresses.

So it may not be a SW bug of the switch.

Once the VMware instances are configured (including the MAC address to be used by each of them), this kind of offending traffic disappears.

Hope to help

Giuseppe

What if you don't know the exact port where this is happening, but only the VLAN and the switch? How can you find out who the culprit is? Seems to be no info about this online.
