After some advice on some odd switch log entries I'm seeing, and I wondered if anyone has an idea of what could be going on.
We're a small hosting company, running a VSS configuration on two 6509 Chassis leading off to C2960 rackswitches.
We host dedicated servers, both unix and windows based. We split subnets into /23's on seperate vlans, and grow our solution out through rackswitches with the additional vlans as we take on more customers. These Servers are on public IP's with a basic ACL in front. Customers can then purchase firewalls/additional security products as they see fit.
Recently, we began to get mac-addresses appearing in the logs, and the fleeting between different servers .
Recently, I am seeing the following entries in rackswitches logs.
After getting alerts of
These mac addresses are completely non-sensical, not registered to any companys nics, and appear to not be load balancing macs, or multicast. They're just randomly given mac addresses.
We have tried to place port-security on the rackswitches, but we still just get hits in the port-security violation logs now on the rackswitches
certain mac addresses appear ar random in the logs, and they usually occur on multiple rack-switches at around the same time
The 6509's never have log entries for this activity
Has anyone seen similar behaviour, or can give me any leads on what could be going on with these hosts?
All relevent details att'd.