Cisco Switching/Routing :: 4500 / Packet Received With Invalid Source MAC Address

Sep 3, 2012

Most of the 4500 Switches in our network are giving the similar error for so many ports
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on p  t Gi2/6 in vlan 100
Its impossible to do a wireshark packet tracing for all the ports. 

View 2 Replies


Cisco Switching/Routing :: 4507 - Packet Received With Invalid Source MAC Address

Feb 14, 2012

Issue I am having with a Cisco 4507? Below is the error i am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112


View 9 Replies View Related

Cisco Switching/Routing :: 2600 - Source IP Set To Public When Packet Received

Mar 27, 2012

We have Cisco IP phones behind a 2600 series router:Most of the time when the PBX receives a packet from the phone, the source IP of the packet is set to the public IP of the router ( as expected. However, once in a while, we get packets (at the PBX) with the source IP set to the private IP of the phone ( router is configured by our provider, and they can't give us any explanation for this behaviour. Is it safe to assume that PAT is not configured properly at the router?

View 2 Replies View Related

Cisco Switching/Routing :: 4500 L3 / 500 Invalid Port Command

Nov 14, 2012

i just want to ask whether i should do some configurations or not on my cisco switch 4500 L3 regarding the error of 500 invalid port command when host try to access FTP active on to FTP server, i just did static route on gig interface with no switchport mode to that host network, all traffic type was allowed except the FTP with active mode?

View 7 Replies View Related

Cisco Infrastructure :: 5513 - Invalid Traffic From Multicast Source Address

Feb 8, 2006

One of our Cat5513 has been displaying a lot of the error message below:
%SYS-4-P2_WARN: 8/Invalid traffic from multicast source address 01:00:5a:52:4c:4d on port 8/58
The frequency of this is quite disturbing. What this error is about? Module no.8 is our Gigabit Ethernet WS-X5410. Can that multicast address be mapped to an IP address or unicast mac-addresS? How can i go about resolving this?

View 5 Replies View Related

Cisco Switching/Routing :: Unicast Flood On 3750 - How To Determine Source MAC Address

Feb 27, 2013

There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).

View 11 Replies View Related

Cisco Switching/Routing :: Set Management IP Address And Gateway On A 4500?

Apr 24, 2012

In mucking around with my 4500 I accidently deleted the ip address that I use to get into it with telnet and CNA. I have a console cable hooked up to and I'm in that way but the commands I got off the internet did not work. Those commands were set interface sc0 10.x.x.x/xx and set interface me1 10.x.x.x/xx. It didn't like interface and I notices when I did a set ?

View 6 Replies View Related

Cisco Switching/Routing :: Filter IP Traffic By MAC Address On Catalyst 4500?

Dec 19, 2012

We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode) we need those mac addresses appear on different ports. Below are solutions that we have tried: ACL but it does not   work since mac acls only match non ip traffic (We CAN NOT use ip acl). Use a static mac address-table entry to ALLOW specific mac addresses. It does not work  either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support auto-learn option (as e.g. Nexus 5000). 

View 3 Replies View Related

Cisco Switching/Routing :: High CPU For Catalyst 4500 K2L2 Address Table R?

May 8, 2011

My Catalayst 4507 is reaching up to 82% CPU utilization and I noticed that K2L2 Address Table R is causing the high CPU.
C4507#sh processes cpu | in HiPri|LoPri|CPU utilizationCPU utilization for five seconds: 82%/1%; one minute: 86%; five minutes: 87%  54   350533923 329104616       1065 13.27% 13.84% 13.86%   0 Cat4k Mgmt HiPri  55  1771768520 274992685       6442 59.91% 64.55% 66.04%   0 Cat4k Mgmt LoPri
 C4507#sh platform health | in K2L2|%CPuK2L2 Address Table R   2.00  66.35     12      5  100  500   91  82   58  27272:55K2L2 New Static Addr   2.00   0.00     10      0  100  500    0   0    0  0:00K2L2 New Multicast A   2.00   0.00     10      5  100  500    0   0    0  0:18K2L2 Dynamic Address   2.00   0.00     10      5  100  500    0   0    0  0:16K2L2 Vlan Table Revi   2.00   0.00     12      8  100  500    0   0    0  1:22

View 2 Replies View Related

Cisco Switching/Routing :: 4500 - Single IP Address On Both Sides Of Port Channel

Feb 19, 2013

We have a single 4500 connecting to two non-cisco devices. We need to enable port channelling or link aggregation between these two.The links are carrying mulitple vlans , hence are trunked and the ip address on either side is used for routing.
From each of the two non-cisco device, i am taking 2 ports each to connect to the 4500.On each  non-cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
my query is how do i do the configuration for etherchannel on the cisco 4500 side , as it will need two different Po's( port channels).I need a single ip address on both sides of port channel to be present for routing.

View 2 Replies View Related

Cisco Switching/Routing :: 3560 - MAC ACL / Address Will Change When Packet Routed

Nov 8, 2012

I have Cisco 3560x layer 3, but there is one problem with MAC ACL. Here is sample scenario:

I have two V LANS 2 & 3. There is one device (D1) on V LAN 2 and three (D2,D3,D4) devices on V LAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all. I got the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as packet is routed, its MAC addresses will change, correct? Is there way of preventing device with same IP but different MAC from talking to device it should not to, keeping in mind that the packet will be routed?

View 1 Replies View Related

Cisco Switching/Routing :: 4500 / 3560 - DHCP Redundancy - IP Helper Address Point To HSRP?

Jan 5, 2012

My actual Scenario
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?

Example 1
        |              4500               |
        interface Vlan1
         ip address
         ip helper-address
         standby 1 ip


View 3 Replies View Related

Cisco :: ASA Received Large Packet?

Jan 13, 2011

I've got a lot of these messages in my logs from SVC users:Code:

View 13 Replies View Related

Cisco :: Packet Didn't Received By Host

May 12, 2011

Problem Host A unable to reach Host B, trace route from Host A it reach to Router B but the packet unable reach to the Host B here the 1st level troubleshoot I did

1. Traceroute and ping success from router A to host B

2. Ping success from router B to host B success

I wonder the packet reach to router B but it didnt pass to Host B.

View 5 Replies View Related

Cisco :: (Received Encrypted Packet With No Matching SA / Dropping)

Jun 24, 2011

Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?

View 3 Replies View Related

Cisco :: ASA5540 - Run Firewall To Display MTU Packet Size Being Received On Interface?

Jul 5, 2012

I have a ASA5540 firewall set-up with an interface MTU of 1500.  
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this.  Any command that can be run on the firewall to display the MTU packet size being received on an interface?
We are also running Solar Winds so could query an OID if such a variable exists.

View 1 Replies View Related

AAA/Identity/Nac :: ACS 4.0 / 4500 Switch - External DB User Invalid Or Bad Password

Apr 19, 2011

I have problem with Cisco ACS 4.0 "Windows" with core 4500 switch "cat4500-ENTSERVICESK9-M 12.2"  the problem shows only on one device  "x.x.x.x" the problem is " Authen failed-------badcred------External DB user invalid or bad password" i can see it in failed attempt. on the same side i can see in Passed Authentications for same record "Authen OK", i can login to the mentioned switch using my ACS credentials and not local database credentials
can debug this from ACS if not how can view the authentication records from core switch?

View 8 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 / 11014 RADIUS Packet Contains Invalid Attribute(s)?

Mar 19, 2012

how I can determine what attribute is coming up as 'invalid' ?Tried full debug and looked at all the logs - nothing.

View 1 Replies View Related

Cisco WAN :: 7609 / Invalid Packet (too Large) Length 34176

Aug 19, 2012

There are many log messages on our three 7609 routers .
Aug 16 06:17:22.664 beijing: Invalid packet (too large) length=34176
Aug 16 06:29:13.102 beijing: Invalid packet (too large) length=34176
Aug 16 06:45:23.403 beijing: Invalid packet (too large) length=34176
Aug 16 16:46:17.245 beijing: Invalid packet (too large) length=34176
Aug 16 16:46:26.257 beijing: Invalid packet (too large) length=34176
Aug 16 17:15:30.621 beijing: Invalid packet (too large) length=34176
Aug 16 17:54:51.775 beijing: Invalid packet (too large) length=34176


View 1 Replies View Related

Cisco VPN :: ASA 5505 - Remote Firewall Does Not Receive Single Packet From Source IP

Jun 3, 2012

I have setup an asa 5505 with multiple sub nets (plus license) and a vpn tunnel (ipsec) between this and an other asa on a second branch office (multiple vlans) . Now I need to route only two vlans from the first site to reach some of the second branch networks
let's call them: 1 branch
2 branch 
the tunnelis ok From A to CDE . but from B to CDE won't come up. pinging is unsuccessful as well as all other traffic. the connection profile is setup to have both A and B as local networks and A and B by the moment share the same access rules configuration.
logs show firewall 1 let pass and build connections, without denies, but remote firewall does not receive a single packet from the source ip from network B.

View 2 Replies View Related

Cisco Firewall :: 5520 - Inside Server To See Actual Outside Host Source IP In Udp Packet

Mar 3, 2013

I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server.   The server can get to outside hosts OK, and the traffic is being NATed  properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send  'announcement' UDP packets to the inside server.  I thought this might be an  outside-NAT-required issue to get the traffic routed, but I need the inside server to see the  actual outside host source IP in the UDP packet, so I basically set the  outside host up similar to the inside host, just without the NAT table on the firewall -- it's subnet is outside the  destination (inside server) subnet, and its gateway is the outside  interface of the ASA, the same way the inside server is able to get to  hosts outside.  The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
I have the appropriate ACL's set up, and when I do 'show access-list' I  see policy hits for the 'permit' statements where the outside host is  generating the announcement and it's hitting the ACL.  I even duplicated  the ACL into list 101 and 102, and applied 101 for inbound traffic on  the outside int, and applied 102 for outbound traffic on the inside int,  and I'm seeing policy hits on both permit statements outside and  inside, so it looks like the traffic is being passed on to the inside  interface and permitted, but the server isn't seeing the packets.
I can ping the outside interface from the outside, but cannot ping the  inside interface or any inside hosts from the outside, even though I  have 'permit icmp any any' enabled on the ACL on both ints. When I  remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
I set up the same scenario in my lab with an ASA 5505, with the same results.  Below is the running config from the 5505 in the lab.  The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
: Saved
ASA Version 8.3(1)
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address
interface Vlan3
description Inside LAN Interface
nameif inside(code)

View 6 Replies View Related

Cisco Switching/Routing :: Clarification On ARP 1700 Received More Than 30 Entries

Apr 15, 2013

As a matter of fact i am new to this field .I have cisco 1700 series router which has ea0 and FE 0 port
E0 connected to LAN and FA0 for ISP ,both are configured wit publisc ip.and ststic route to ISP. (E0 connected to switch and fa0 connected to ISP MUX)
When i issued sho arp command i have received  more than 30 entries of  MAC and IP  address . I am wondering how i received this much mac in arp table.

View 5 Replies View Related

Cisco Switching/Routing :: Received SSTP BPDU With Bad TLV On Nexus 7000?

Jan 11, 2012

I obtain this message on Nexus 7000:2011 Dec 22 03:37:53 NNN %STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on port-channel1 VLAN0020 and following with err-disabled port ?[URL]

View 3 Replies View Related

Cisco Switching/Routing :: Nexus 7K Ignoring Received OSPF Route?

Mar 25, 2013

I have a Catalyst switch that is redistributing some static routes into OSPF. These are received on a Nexus 7K and appear in the database however the 7K does not add them to its routing table, one of the routes is ignored and not added. I haven't got a clue why this is happening.
The routes on the Catalyst are as follows with ID of
ip route
ip route
on the 7K the database shows:   1374       0x80001a44 0x1a48    0   1374       0x80001a45 0x6c5b    0
The routing table shows:
sh ip ro Route Table for VRF "default"'*' denotes best ucast next-hop'**' denotes best mcast next-hop'[x/y]' denotes [preference/metric], ubest/mbest: 1/0    *via, Po7, [110/20], 20w4d, ospf-NCC, type-2
sh ip ro Route Table for VRF "default"'*' denotes best ucast next-hop'**' denotes best mcast next-hop'[x/y]' denotes [preference/metric] Route not found

View 5 Replies View Related

Cisco Switching/Routing :: LMS 4.0 Able To Forward SNMP Traps Received From Device Registered

Nov 16, 2011

Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?

View 0 Replies View Related

Cisco Switching/Routing :: Invalid Image For Platform Of WS-C4507R?

Aug 24, 2012

A customer wants to upgrade an IOS Base (cat4500-ipbasek9-mz.122-25.SG4.bin) of a WS-C4507R Cisco, for a  IOS that have a enterprices functionalities.We install an IOS cat4500e-entservicesk9-mz.122-53.SG5.bin, but we had the following results:
config-register = 0x2102
Autobooting specified file using Variable BOOT .....
Current BOOT file is --- bootflash: cat4500e-entservicesk9-mz.122-53.SG5.bin


View 1 Replies View Related

Cisco Switching/Routing :: 1921 Default Password Invalid

Apr 17, 2013

I bought a cisco router last week. The reseller said it is a brand new one. However, when I try to set it with console cable connecting to PC, the default password does not work. I tried to use control+break to get access to rommon for password recovery. The tera term pro displayed nothing at all! In thin case, what should I do to setup the router? Dose the reset button in the back work to restore the router to factory setting(which means i can use default username and password)?

View 1 Replies View Related

Cisco Switching/Routing :: 2911 - Invalid Memory Action

May 1, 2012

We have a Cisco 2911 router. We installed a EHWIC-4ESG module and configured the router based on configuration below.
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M1.bin"
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
7 Gigabit Ethernet interfaces
1 terminal line(code)

View 3 Replies View Related

Cisco Switching/Routing :: 3750 - Tagging Traffic By IP Source And Destination?

Dec 2, 2012

I want to know if there is way to tag traffic with DCSP tags without having to do all the other requirments of QOS setup.  All i want to do is just tag traffic at different DCSP values via source and destination IPs.  We do not have a need to be priortizing traffic on out internal switches.  We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
Our environments is primarily 3750s in all offices.

View 6 Replies View Related

Cisco Switching/Routing :: 3750 / How To Identify Broadcast Traffic Source

Feb 23, 2012

We have 2 switches split across 2 datacentres connected via an interconnect.  Over the past couple of days the interconnect provider's Cisco kit has shut down our port (err-disabled) due to a broadcast storm.  They had the level set at 1 which I thought was a bit low.  They say they tried to set to 2, then 5 but still kept tripping the storm-control feature so they set at 10.  They say they've always had it set at 1% (on a 100Mb switch) and so we must be generating more broadcast traffic.
I'm trying to identify where the broadcast traffic is coming from.  On our Cisco 3750 I've clear interface counters and when I do a sh run | i broadcasts there are a few ports which have what seems like a high broadcast count.  The one port that is especially high and the only one tripping the storm-control feature (I've enabled on all our ports to try to identify where the traffic is coming from) is the port connected to the 100Mb interconnect.  I've mirrored that port to another port and connected a server with wireshark so I can capture all the traffic across that port. 
What I'm struggling to find is the source of the broadcast traffic.I have a few questions are these broadcasts layer 3 or layer 2 broadcasts.  Also in the output below when it says broadcasts received is this inbound to the port i.e. from the connected device or is this a total of inbound and outbound broadcasts.
When I use wireshark and filter the capture on broadcasts (ff:ff:ff:ff:ff:ff) I see only 200-300 compared to the thousands the switch is reporting.If I filter on the broadcast IP address I also don't see the numbers corresponding to what I see in the show interface output.
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0014.a93f.7401 (bia 0014.a93f.7401)
  Description: Interconnect
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 4/255, rxload 44/255
  Encapsulation ARPA, loopback not set

also I'm currently doing : monitor session 1 source int g1/0/1 both, and also tried just rx incase I just need to be looking at receive traffic but still nothing is standing out.

View 10 Replies View Related

Invalid Next Hop Address

May 2, 2011

I have made a test lab on packet tracer with three routers in triangle shape after each router i connected a switch with on each switch four end devices . now i want to make a routing table on each router, but the probleme is that each time i get an error "invalid next hop address ( its this router)". i am sure its the right gateway i type in .

View 3 Replies View Related

Cisco Switching/Routing :: Nexus 7K Version 6.0(4) Route Redistribution (path Invalid)

Sep 6, 2012

Is there a known bug for Nexus 7K version 6.0(4) related to route redistribution?I have few vlan interfaces and being redistributed to the BGP.vlan interfaces are all up ang pingable.After configuring redistribution, vlan route is not in the bgp table.sho ip bgp is saying "path invalid" 
BGP routing table entry for, version 26302
Paths: (3 available, best #3)
Flags: (0x180c0021) on new-list, is not in urib, need resync with RIB, exported, has label
  vpn: version 47719, (0x100002) on xmit-list
  local label: 492294


View 7 Replies View Related

Cisco Switching/Routing :: 881w - ISR Invalid Memory Action At Interrupt Level

Feb 7, 2013

My company has an 881-w ISR that provides wireless and wired network functions for our small office (about 20 users).  I was attempting to create a new V LAN (another story), and was able to create the V LAN (4) and assign it a new IP.  However, when i came in today, and when i attempted to connect to the ISR, the serial console started spewing this over and over:
*Feb  8 13:31:32.479: %SYS-2-MALLOCFAIL: Memory allocation of 8 bytes failed from 0x81528DF0, alignment 0
Pool: Processor  Free: 131305952  Cause: Interrupt level allocation
Alternate Pool: I/O  Free: 17850656   Invalid memory action (malloc) at interrupt level -Traceback= 0x820168A0z 0x82E4
-Process= "<interrupt level>", ipl= 4 -Traceback= 0x81FF6FC8z 0x820168D0z 0x82E49944z 0x81528DF4z 0x800C3AF8z 0x800C4760z 0x810A1208z 0x810A6F8Cz 0x810BA9E0z 0x810BACBCz 0x80241A24z 0x8025ADE8z 0x8025E2F8z 0x8030ACD4z 0x804E1518z 0x80310368z

Now, I did leave the console session up overnight, as that's the only thing that I can think of.  As expected, our service contract had expired.  I did reboot the ISR, and I am looking to see if this can be fixed, or symptomatic of a larger issue, and time to replace?  At this point i can't even get it to stop, and thus cannot log in.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved