Cisco Switching/Routing :: 4507 - Packet Received With Invalid Source MAC Address
Feb 14, 2012
Issue I am having with a Cisco 4507. Below is the error I am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Most of the 4500 switches in our network are giving a similar error for so many ports:
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi2/6 in vlan 100
It's impossible to do a Wireshark packet trace for all the ports.
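As an added example (not code from the original post), a small Python script that parses these %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET syslog lines and totals the hits per port and VLAN, so the noisiest ports can be traced first instead of capturing on every port. The exact message layout and the reading of the "Suppressed N times" counter are assumptions based on the lines quoted above.

```python
import re
from collections import defaultdict

# Pattern for the Catalyst 4500 message quoted above. The "(Suppressed N times)"
# prefix is optional because the first occurrence is logged without it (assumption).
INVALID_SRC_RE = re.compile(
    r"%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: "
    r"(?:\(Suppressed (?P<suppressed>\d+) times\))?"
    r"Packet received with invalid source MAC address "
    r"\((?P<mac>[0-9a-fA-F:]{17})\) on port (?P<port>\S+) in vlan (?P<vlan>\d+)"
)


def parse_invalid_source_events(lines):
    """Yield (mac, port, vlan, count) for each matching syslog line.

    count = suppressed repeats + the one message that was actually logged
    (assumed reading of the rate-limit counter)."""
    for line in lines:
        m = INVALID_SRC_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        suppressed = int(m.group("suppressed") or 0)
        yield (m.group("mac").lower(), m.group("port"),
               int(m.group("vlan")), suppressed + 1)


def summarize_by_port(lines):
    """Total the events per (port, vlan), busiest first, to prioritise captures."""
    totals = defaultdict(int)
    for _mac, port, vlan, count in parse_invalid_source_events(lines):
        totals[(port, vlan)] += count
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


# Sample input constructed from the messages quoted in the question above.
SAMPLE_LOG = [
    "Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)"
    "Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112",
    "Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)"
    "Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112",
    "Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)"
    "Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112",
    "Feb 15 01:10:00 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)"
    "Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi2/6 in vlan 100",
    "Feb 15 01:11:00 EST: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for (port, vlan), count in summarize_by_port(SAMPLE_LOG):
        print(f"{port:8} vlan {vlan:<5} {count:6} packets with invalid source MAC")
```

Run against a syslog export (one line per message) to get a ranked list of ports to investigate; the all-zero source MAC is the only value reported on the page, so no other filtering is applied.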
We have Cisco IP phones behind a 2600 series router. Most of the time when the PBX receives a packet from the phone, the source IP of the packet is set to the public IP of the router (1.2.3.4) as expected. However, once in a while, we get packets (at the PBX) with the source IP set to the private IP of the phone (10.0.0.12). The router is configured by our provider, and they can't give us any explanation for this behaviour. Is it safe to assume that PAT is not configured properly at the router?
One of our Cat5513 has been displaying a lot of the error message below:
%SYS-4-P2_WARN: 8/Invalid traffic from multicast source address 01:00:5a:52:4c:4d on port 8/58
The frequency of this is quite disturbing. What is this error about? Module no. 8 is our Gigabit Ethernet WS-X5410. Can that multicast address be mapped to an IP address or unicast MAC address? How can I go about resolving this?
I am having an issue where MAC addresses from my user PCs are registering on different ports than the ones they are plugged in to. I have my PCs plugged in to my Cisco phones (most of which are 7941s), and then patched back to my switch (4507 or 4006). The issue is that a user will be working fine, with both their PC and phone MACs registered on the correct port, and then without intervention the PC MAC address will register itself with another physical port and the user will pull a 169.x.x.x address and have no access to the network. This is happening to multiple users, all of which are hardwired. Port security is configured to allow 3 MACs; obviously if I change that to 2 it will not allow an incorrect MAC to register with that port, but I would like to know why this is happening. Both the 4507 and 4006 have been up for 1 year and 33 weeks. The fix has been to find out where their MAC has registered itself, unplug that PC from the phone, and let the port security aging time (2 min) clear all MACs from the port.
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely at port level, but it breaks normal network operation (when a port goes down for some reason, its learned MACs get flushed, and since other hosts still know the MACs, they keep flooding until their ARP caches expire).
I have Cisco 3560x layer 3, but there is one problem with MAC ACL. Here is sample scenario:
I have two VLANs, 2 and 3. There is one device (D1) on VLAN 2 and three devices (D2, D3, D4) on VLAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all. I have the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as a packet is routed, its MAC addresses will change, correct? Is there a way of preventing a device with the same IP but a different MAC from talking to a device it should not, keeping in mind that the packet will be routed?
2 ISPs connected to a 4507, both with separate public IP blocks. Based on some source IP addresses on the LAN they would use either ISP-A's or ISP-B's connection, based on what I define.
Problem: Host A is unable to reach Host B. A traceroute from Host A reaches Router B but the packet does not reach Host B. Here is the first-level troubleshooting I did:
1. Traceroute and ping from Router A to Host B succeed
2. Ping from Router B to Host B succeeds
I wonder why the packet reaches Router B but is not passed on to Host B.
Got to set up a site-to-site VPN to one in a client's office and we're struggling to get Phase 2 working; it just seems to loop around saying "Received encrypted packet with no matching SA, dropping", which to me means the ACLs aren't mirrored correctly?
I have a ASA5540 firewall set-up with an interface MTU of 1500.
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this. Any command that can be run on the firewall to display the MTU packet size being received on an interface?
We are also running SolarWinds, so we could query an OID if such a variable exists.
I have set up an ASA 5505 with multiple subnets (Plus license) and a VPN tunnel (IPsec) between this and another ASA at a second branch office (multiple VLANs). Now I need to route only two VLANs from the first site to reach some of the second branch networks.
The tunnel is OK from A to CDE, but from B to CDE it won't come up. Pinging is unsuccessful, as is all other traffic. The connection profile is set up to have both A and B as local networks, and A and B at the moment share the same access rules configuration.
Logs show firewall 1 lets traffic pass and builds connections, without denies, but the remote firewall does not receive a single packet from the source IP of network B.
I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server. The server can get to outside hosts OK, the traffic is being NATed properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send 'announcement' UDP packets to the inside server. I thought this might be an outside-NAT-required issue to get the traffic routed, but I need the inside server to see the actual outside host source IP in the UDP packet, so I basically set the outside host up similar to the inside host, just without the NAT table on the firewall -- its subnet is outside the destination (inside server) subnet, and its gateway is the outside interface of the ASA, the same way the inside server is able to get to hosts outside. The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
I have the appropriate ACLs set up, and when I do 'show access-list' I see policy hits for the 'permit' statements where the outside host is generating the announcement and it's hitting the ACL. I even duplicated the ACL into lists 101 and 102, applied 101 for inbound traffic on the outside interface and 102 for outbound traffic on the inside interface, and I'm seeing policy hits on both permit statements outside and inside, so it looks like the traffic is being passed on to the inside interface and permitted, but the server isn't seeing the packets.
I can ping the outside interface from the outside, but cannot ping the inside interface or any inside hosts from the outside, even though I have 'permit icmp any any' enabled in the ACL on both interfaces. When I remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
I set up the same scenario in my lab with an ASA 5505, with the same results. Below is the running config from the 5505 in the lab. The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
Any "best practices" or recommendations on how to migrate from a fixed router (3745) to VLAN routing on Catalyst 4507 switches in order to minimize the disruption to the network?
I get this message on a Nexus 7000: 2011 Dec 22 03:37:53 NNN %STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on port-channel1 VLAN0020, followed by an err-disabled port? [URL]
I have a Catalyst switch that is redistributing some static routes into OSPF. These are received on a Nexus 7K and appear in the database; however, the 7K does not add one of them to its routing table: the route is ignored and not added. I haven't got a clue why this is happening.
The routes on the Catalyst are as follows with ID of 172.30.255.22:
ip route 172.24.59.0 255.255.255.0 10.56.7.46
ip route 192.168.168.0 255.255.255.0 10.56.7.62
sh ip ro 172.24.59.0/24
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
172.24.59.0/24, ubest/mbest: 1/0
    *via 172.30.253.10, Po7, [110/20], 20w4d, ospf-NCC, type-2
sh ip ro 192.168.168.0/24
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
Route not found
I have a Cisco 4507 switch. The CPU on the switch is running between 50% and 60% constantly. To troubleshoot, I collected some logs using debug and show commands:
debug platform packet all receive buffer
show platform cpu packet buffered
debug platform packet all count
show platform cpu packet statistics
show processes cpu sorted | exc 0.00
show platform health
show platform cpu packet statistics
The show platform health output shows the processes below crossing their target values.
                       %CPU   %CPU   RunTimeMax     Priority   Average %CPU   Total
                       Target Actual Target Actual  Fg   Bg    5Sec Min Hour  CPU
Stub-JobEventSchedul   10.00  13.41  10     47      100  500   13   13  10    5462:52
K2PortMan Review       3.00   5.35   15     11      100  500   4    4   3     1799:47
What I need to know is, though these processes are running at low priority, will there be any issue if the CPU goes high due to these processes?
Could not find a valid file in BOOT environment variable. BOOT variable can be set from IOS. To find currently set Rom Monitor variables, type 'set' command.
Choosing a boot method, type 'confreg' command.
rommon 1
We have recently purchased a 5Mbit line with a second ISP and will have the line activated tomorrow. In addition, we recently obtained our AS number through ARIN. How would I configure the second ISP to be used for load balancing/failover?
Cisco LMS 4.0:
• Is it able to forward SNMP traps (ver. 2c) received from devices registered with it to a configurable IP address?
• Do the traps contain the original device agent IP to identify the source (not the IP of LMS)?
• Is it possible to configure one logical IP address or domain name for redundant LMS?
Cisco Security Manager 4.1:
• Is it able to forward SNMP traps (ver. 2c) received from devices registered with it to a configurable IP address?
• Do the traps contain the original device agent IP to identify the source (not the IP of Security Manager)?
• Is it possible to configure one logical IP address or domain name for redundant Security Manager?
We will deploy several 4507s with 2 x Sup7 as L2 access switches for our office. Does the LAN Base IOS version support SSO, or do we need to purchase IP Base IOS (L3)?
SSH has been enabled on our one and only 4507 switch for several months and has been working fine. A few weeks ago the switch had to be reloaded, and when it was back online I couldn't SSH to it. When I connected via the console and typed "show ip ssh" it came back saying I needed to generate the keys. I did that and it started working again. The same switch had to be turned off and on the other day due to a power-down in the server room, and when it came back the same thing happened again!!
The version of IOS is: cat4000-i5k91s-mz.122.20.EW
QoS design problem that I have. I have a client that is deploying new 4507 series switches with Sup6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and wants to base QoS on Cisco Medianet recommendations.
I need to design a new QoS policy with a focus on the above media services, with basic queuing for critical data services. I have read the Medianet design guide; the suggested 12-class model will be too complex to start with, but I have seen references to starting with an 8-class model with the ability to easily migrate to 12 classes in the future. The 8-class model meets all of our requirements, but I need to understand how this will work with the 4507 queuing model. [URL]
We have a core switch, a 4507R-E, at the data center and 2 departments that connect to it via 10 Gig fiber using X2-LRM modules. Each department has a 3-switch stack, and both locations are identical with respect to type and setup scenario. The stack comprises 1 x 3750E and 2 x 3750G. The uplink is from X2 port TenGig3/0/1 on the 3750E switch.
All of a sudden dept B started facing a problem where the ping would break and throughput came to around 6-7 Mbps from that dept to the server behind the core switch. We also noted CRC errors on both sides periodically.
We replaced the multimode fiber patch cords and redid the splicing, which stopped the CRC errors from appearing. Now, since this morning, the uplink port on the 3750E (3/0/1) suddenly goes into the "down" state with (err-disabled) as the status when I run sh int ten 3/0/1,
and I can also see CRC errors and input errors on the same interface. If I do shut / no shut, the port is up and active again, but this has happened 3 times today. The core switch side is still OK and no CRC / input / output errors are seen.
Now on the 3750E I have swapped the 10 Gig module from 3/0/1 to 3/0/2. The port is still up but I can see 400 CRC and 500 input errors. The module is also OK, as I had replaced it with dept 1's module.