Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
7
Replies

Port Security Violations - Rogue MACs?

harotpa
Level 1
Level 1

‎05-24-2024 10:04 PM

Hi,

I currently am experiencing some strange port security violations on ports that are connected to some pretty old cameras. They're all coming from what appear to be junk MAC addresses, like 0000.4006.fcce, 0000.4006.7587, and they're nowhere close to the same MAC scheme as the devices plugged into those ports. The manufacturer of the device's MAC is now defunct and I know of no connection to it. We never had this problem before this week.

Could it be that the cameras are sending these weird MACs? The switches (9300L) currently reside in a locked room with no outside access, so I know no one is plugging in randomly.

The issue is happening on multiple ports that are only involving these Panasonic cameras, which is leading me to believe (hope) that it's just weirdness from them. Apologies if this is too vague lol.

UPDATE: Thanks to those who responded. It looks like they were ghost MAC addresses likely from a firmware issue from these old cameras. Much appreciated!

Labels:
0 Helpful
7 Replies 7

liviu.gheorghe
Spotlight
Spotlight

‎05-24-2024 10:42 PM

Hello @harotpa ,

Can you share the logs from the 9300 switches?

Have you tried restarting the cameras connected to the ports which are experiencing security violations?

Can you share the port configuration that are experiencing these issues?

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to liviu.gheorghe

‎05-25-2024 12:55 AM

May be sometime device faulty also give you random MAC address.

0000.4006. - as per looking this is valid looks for me as you look vendor lookup.

check any update required on the end point - or MAB using OUI by listing all the MAC address to temporary fix.

Also contact Vendor for MAC address of the device not correct.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎05-25-2024 05:22 AM

@harotpa wrote:
UPDATE: Thanks to those who responded. It looks like they were ghost MAC addresses likely from a firmware issue from these old cameras. Much appreciated!

@liviu.gheorghe@balaji.bandi 

0 Helpful

cotersavik
Level 1
Level 1
In response to Leo Laohoo

‎05-25-2024 02:45 PM

Hi,

I currently am experiencing some strange port security violations on ports that are connected to some pretty old cameras. They're all coming from what appear to be junk MAC addresses, like 0000.4006.fcce, 0000.4006.7587, and they're nowhere close to the same MAC scheme as the devices plugged into those ports. The manufacturer of the device's MAC is now defunct and I know of no connection to it. We never had this problem before this week.

Could it be that the cameras are sending these weird MACs? The switches (9300L) currently reside in a locked room with no outside access, so I know no one is plugging in randomly.

The issue is happening on multiple ports that are only involving these Panasonic cameras, which is leading me to believe (hope) that it's just weirdness from them. Apologies if this is too vague lol.

10.0.0.0.1 192.168.1.254
0 Helpful

marce1000
VIP
VIP
In response to cotersavik

‎05-26-2024 12:20 AM

 

     - Review this discussion : https://ipvm.com/discussions/mac-address-spoofing

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

vishalbhandari
Level 1
Level 1

‎05-26-2024 06:53 AM

The strange MAC addresses and the recent onset of the issue suggest that the cameras might be the source of the problem. By isolating and analyzing the traffic, updating firmware, and possibly adjusting port security settings temporarily, you can narrow down the cause. If the cameras are indeed malfunctioning, replacing them might be the most straightforward solution in the long term.

0 Helpful

mohamedlamine
Level 1
Level 1
In response to vishalbhandari

‎05-26-2024 07:12 AM

i totaly agree

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card