Cisco Switching/Routing :: 4507 - Packet Received With Invalid Source MAC Address
Feb 14, 2012
Issue I am having with a Cisco 4507? Below is the error i am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
[Code]...
View 9 Replies
ADVERTISEMENT
Sep 3, 2012
Most of the 4500 Switches in our network are giving the similar error for so many ports
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on p t Gi2/6 in vlan 100
Its impossible to do a wireshark packet tracing for all the ports.
View 2 Replies
View Related
Mar 27, 2012
We have Cisco IP phones behind a 2600 series router:Most of the time when the PBX receives a packet from the phone, the source IP of the packet is set to the public IP of the router (1.2.3.4) as expected. However, once in a while, we get packets (at the PBX) with the source IP set to the private IP of the phone (10.0.0.12).The router is configured by our provider, and they can't give us any explanation for this behaviour. Is it safe to assume that PAT is not configured properly at the router?
View 2 Replies
View Related
Feb 8, 2006
One of our Cat5513 has been displaying a lot of the error message below:
%SYS-4-P2_WARN: 8/Invalid traffic from multicast source address 01:00:5a:52:4c:4d on port 8/58
The frequency of this is quite disturbing. What this error is about? Module no.8 is our Gigabit Ethernet WS-X5410. Can that multicast address be mapped to an IP address or unicast mac-addresS? How can i go about resolving this?
View 5 Replies
View Related
May 22, 2013
I am having an issue where MAC addresses from my user PC's are registering on different ports than the ones they are plugged in to. I have my PC's plugged in to my Cisco phones (most of which are 7941's), and then patched back to my switch, (4507 or 4006). The issue is that a user will be working fine, they will have both their PC and Phone MAC's registered on the correct prot and then with out intervention the PC MAC addresses will register itself with another physical port and the user will pull a 169.x.x.x address and have not access to the network. This is happening to multiple users all of which are hardwired. Port security is configured to allow 3 MAC's, obviously if I change that to 2 it will not allow an incorrect MAC's to register with that port, but I would like to know why this is happening. Both the 4507 and 4006 have been up for 1 year and 33 weeks. The fix has been to find out where their MAC has registered it self, unplugg that PC from the phone, and let the port security aging time (2min) clear all MAC's from the port.
View 3 Replies
View Related
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).
View 11 Replies
View Related
Nov 8, 2012
I have Cisco 3560x layer 3, but there is one problem with MAC ACL. Here is sample scenario:
I have two V LANS 2 & 3. There is one device (D1) on V LAN 2 and three (D2,D3,D4) devices on V LAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all. I got the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as packet is routed, its MAC addresses will change, correct? Is there way of preventing device with same IP but different MAC from talking to device it should not to, keeping in mind that the packet will be routed?
View 1 Replies
View Related
Jan 21, 2013
2 ISP's connected to a 4507, both with seperate public IP blocks. Based on some source IP addresses on the LAN they would either use ISP-A or ISB-B's connection based on what I define.
View 3 Replies
View Related
Jan 13, 2011
I've got a lot of these messages in my logs from SVC users:Code:
View 13 Replies
View Related
May 12, 2011
Problem Host A unable to reach Host B, trace route from Host A it reach to Router B but the packet unable reach to the Host B here the 1st level troubleshoot I did
1. Traceroute and ping success from router A to host B
2. Ping success from router B to host B success
I wonder the packet reach to router B but it didnt pass to Host B.
View 5 Replies
View Related
Jun 24, 2011
Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?
View 3 Replies
View Related
Jul 5, 2012
I have a ASA5540 firewall set-up with an interface MTU of 1500.
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this. Any command that can be run on the firewall to display the MTU packet size being received on an interface?
We are also running Solar Winds so could query an OID if such a variable exists.
View 1 Replies
View Related
Mar 19, 2012
how I can determine what attribute is coming up as 'invalid' ?Tried full debug and looked at all the logs - nothing.
View 1 Replies
View Related
Aug 19, 2012
There are many log messages on our three 7609 routers .
Aug 16 06:17:22.664 beijing: Invalid packet (too large) length=34176
Aug 16 06:29:13.102 beijing: Invalid packet (too large) length=34176
Aug 16 06:45:23.403 beijing: Invalid packet (too large) length=34176
Aug 16 16:46:17.245 beijing: Invalid packet (too large) length=34176
Aug 16 16:46:26.257 beijing: Invalid packet (too large) length=34176
Aug 16 17:15:30.621 beijing: Invalid packet (too large) length=34176
Aug 16 17:54:51.775 beijing: Invalid packet (too large) length=34176
[code]....
View 1 Replies
View Related
Jun 3, 2012
I have setup an asa 5505 with multiple sub nets (plus license) and a vpn tunnel (ipsec) between this and an other asa on a second branch office (multiple vlans) . Now I need to route only two vlans from the first site to reach some of the second branch networks
let's call them: 1 branch
A-172.16.4.0/24
B-172.16.2.0/24
2 branch
C- 10.10.10.0/24
D- 10.20.10.0/24
E- 10.66.10.0/24
the tunnelis ok From A to CDE . but from B to CDE won't come up. pinging is unsuccessful as well as all other traffic. the connection profile is setup to have both A and B as local networks and A and B by the moment share the same access rules configuration.
logs show firewall 1 let pass and build connections, without denies, but remote firewall does not receive a single packet from the source ip from network B.
View 2 Replies
View Related
Mar 3, 2013
I have a 5520 in production at a customer's site between an outside 802.11 network and an inside server. The server can get to outside hosts OK, and the traffic is being NATed properly, and sockets initiated by the server on the inside can pass data both ways, but I need to allow outside hosts the ability to send 'announcement' UDP packets to the inside server. I thought this might be an outside-NAT-required issue to get the traffic routed, but I need the inside server to see the actual outside host source IP in the UDP packet, so I basically set the outside host up similar to the inside host, just without the NAT table on the firewall -- it's subnet is outside the destination (inside server) subnet, and its gateway is the outside interface of the ASA, the same way the inside server is able to get to hosts outside. The firewall should just route the packet with a destination of the inside subnet once it sees that it hits a 'permit' ACL.
I have the appropriate ACL's set up, and when I do 'show access-list' I see policy hits for the 'permit' statements where the outside host is generating the announcement and it's hitting the ACL. I even duplicated the ACL into list 101 and 102, and applied 101 for inbound traffic on the outside int, and applied 102 for outbound traffic on the inside int, and I'm seeing policy hits on both permit statements outside and inside, so it looks like the traffic is being passed on to the inside interface and permitted, but the server isn't seeing the packets.
I can ping the outside interface from the outside, but cannot ping the inside interface or any inside hosts from the outside, even though I have 'permit icmp any any' enabled on the ACL on both ints. When I remove the firewall and put the outside clients on the same subnet, the server sees the packets just fine.
I set up the same scenario in my lab with an ASA 5505, with the same results. Below is the running config from the 5505 in the lab. The production firewall is running a slightly older version of ASA, so I made the configuration as basic as possible on the 5505 to match the config in the field:
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password Guh9Xxhb9mcC8lV1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan2
description Outside WAN Interface
nameif outside
security-level 0
ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
description Inside LAN Interface
nameif inside(code)
View 6 Replies
View Related
Apr 15, 2013
As a matter of fact i am new to this field .I have cisco 1700 series router which has ea0 and FE 0 port
E0 connected to LAN and FA0 for ISP ,both are configured wit publisc ip.and ststic route to ISP. (E0 connected to switch and fa0 connected to ISP MUX)
When i issued sho arp command i have received more than 30 entries of MAC and IP address . I am wondering how i received this much mac in arp table.
View 5 Replies
View Related
Feb 16, 2012
Any "best practices" or recommendations on how to migrate from a fixed router (3745) to vlan routing on Catalyst 4507 switches in order to minimize the disruption to the network.
View 4 Replies
View Related
Jan 11, 2012
I obtain this message on Nexus 7000:2011 Dec 22 03:37:53 NNN %STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on port-channel1 VLAN0020 and following with err-disabled port ?[URL]
View 3 Replies
View Related
Mar 25, 2013
I have a Catalyst switch that is redistributing some static routes into OSPF. These are received on a Nexus 7K and appear in the database however the 7K does not add them to its routing table, one of the routes is ignored and not added. I haven't got a clue why this is happening.
The routes on the Catalyst are as follows with ID of 172.30.255.22:
ip route 172.24.59.0 255.255.255.0 10.56.7.46
ip route 192.168.168.0 255.255.255.0 10.56.7.62
on the 7K the database shows:
172.24.59.0 172.30.255.22 1374 0x80001a44 0x1a48 0
192.168.168.0 172.30.255.22 1374 0x80001a45 0x6c5b 0
The routing table shows:
sh ip ro 172.24.59.0/24IP Route Table for VRF "default"'*' denotes best ucast next-hop'**' denotes best mcast next-hop'[x/y]' denotes [preference/metric]
172.24.59.0/24, ubest/mbest: 1/0 *via 172.30.253.10, Po7, [110/20], 20w4d, ospf-NCC, type-2
sh ip ro 192.168.168.0/24IP Route Table for VRF "default"'*' denotes best ucast next-hop'**' denotes best mcast next-hop'[x/y]' denotes [preference/metric] Route not found
View 5 Replies
View Related
Feb 14, 2012
How do I enable SSH on 4507. I do not see "ip ssh ..." commands config#ip ssh (I do not see "ip ssh " commnd)
Do i need to enable something else?
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)
View 1 Replies
View Related
Nov 19, 2012
I am having a Cisco 4507 switch. The CPU on the switch is running between 50% to 60% constantly. To troubleshoot I collected some logs using debugs & show commands.
debug platform packet all receive buffer
show platform cpu packet buffered
debug platform packet all count
show platform cpu packet statistics
show processes cpu sorted | exc 0.00
show platform health
show platform cpu packet statistics
show platform health output shows the below process crossing the target value.
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
Stub-JobEventSchedul 10.00 13.41 10 47 100 500 13 13 10 5462:52
K2PortMan Review 3.00 5.35 15 11 100 500 4 4 3 1799:47
What I need to know is, though these process are running in Low Priority, will there be any issue if the CPU goes high due to these process.
View 1 Replies
View Related
Jun 4, 2012
Could not find a valid file in BOOT environment variable. BOOT variable can be set from IOS. To find currently setRom Monitor variables, type 'set' command.
Choosing a boot method, type 'confreg' command.rommon 1
>setPS1=rommon ! >RommonVer=15.0(1r)SG5SupportedFeatures=1ConsecPostPassedCnt=2DiagMonitorAction=NormalCONFIG_FILE=bootflash:cat4500e-
[Code].....
View 11 Replies
View Related
Jun 13, 2012
Our organization currently has a Cisco 4507 acting as our core switch and 2 ASA525 firewalls.
Our existing ISP runs into our 4507. Here is the port config.
interface GigabitEthernet7/1
description ISP-DSL
switchport access vlan 10
[Code].....
We have recently purchased a 5Mbit line with a second ISP and will have the line activated tomorrow. In addition, we recently obtained our AS number through ARIN. How would I configure the second ISP to be used for load balancing/failover?
View 8 Replies
View Related
Nov 16, 2011
Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
View 0 Replies
View Related
Sep 10, 2012
4507 Went To Romon During IOS upgrade.
View 3 Replies
View Related
Apr 26, 2012
We will deploy several 4507 with 2xsup7 as a L2 access switches for our office.Does LAN_Base IOS version support SSO or we need purchase IP_Base IOS (L3)?
View 1 Replies
View Related
Nov 29, 2012
SSH has been enabled on our one and only 4507 switch for several months and working fine. A few weeks ago the switch had to be reloaded and when it was back online I couldn't SSH to it. When I connected via the console and typed "show ip ssh" it came back saying I needed to generate the keys. Did that and it starting working again. The same switch had to turned off and on the other day due to a power down in the server room and when it came back the same thing happened again!!
The version of IOS is: cat4000-i5k91s-mz.122.20.EW
View 1 Replies
View Related
Nov 8, 2012
Is there any option to configure cisco 4507 to genrate log alert when cpu utilization or port utilization reaches above certain percentage.
View 2 Replies
View Related
Nov 29, 2011
I need to configure a port channel between two sw 4507R. with port Giga, but those port are in different modules.
Sw-1
interface GigabitEthernet5/48
description **** Conexion Switch-2*****
[Code].....
View 2 Replies
View Related
May 13, 2013
I have 4507 switch and I got the error of fan sensor which is mention below [code] What the meaning of FAN Sensor both are Bad/off ?
View 4 Replies
View Related
Aug 25, 2012
QoS design problem that I have. I have a client that is deploying new 4507 series switches with SUP6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and want to base QoS on Cisco Media net recommendations.
I need to design a new QoS policy with focus on the above media services with basic queuing for critical data services. I have read the Media net design guide and the suggested 12-class model will be too complex to start with but I have seen references to start with a 8-class model with the ability to easily migrate to 12-class in the future. The 8-class model meets all of our requirements but I need to understand how this will work with the 4507 queuing model? [URL]
View 1 Replies
View Related
Jan 19, 2012
we have a core switch 4507RE at the data center and 2 departments that connect to it via 10Gig fiber using X2-LRM modules. Each department has a 3 switch stack and both locations are identical w.r.t type and setup scenario.the stack comprises of 1 x 3750E and 2 x 3750G . uplink is from X2 port tengig3/0/1 from the 3750E switch.
All of a sudden dept B started facing problem , where the ping would break and throughput comes around 6 - 7 mbps from that dept to the server behind the core switch. we also noted CRC error on both sides preodically.
we replaced the multimode fiber patch cords, re did the splicing , which stopped the CRC errors to appear.now since morning the uplink port on the 3750E (3/0/1) would suddenly be in "down" state with (err-disabled) as the status when i run sh int ten 3/0/1
and i can also see CRC errors and input errors on the same interface.. if i do shut / no shut .. the port is up and active again.. but this has happned 3 times today.the core swith side is still OK and no CRC / input / output errors are seen..
now on the 3750E i have swapped the 10gig module from 3/0/1 to 3/0/2 . the port is still up but i can see 400 CRC and 500 Input errrors.the module is also OK as i had replaced it with dept 1's module.
View 1 Replies
View Related