Catalyst 6500 - Learning MAC on Access Port

Aug 26th, 2010

Please let me know if the following is possible:

1- A port on the Cisco 6500, Fa1/1, is configured as an access port

     int fa1/1
     switchport mode access
     switchport access vlan 100
     speed 100
     duplex full
     no cdp enable
     spanning-tree bpdufilter enable


2- There are no SVIs on this switch

3- A customer is stating that they see our MAC of interface Fa1/1 on their equipment


Is this possible?  How can they learn the MAC address, could they be using Wireshark?


-Mn


Peter Paluch (Cisco Employee) Thu, 08/26/2010 - 14:54

Hello,


Most probably, the port is still emitting the so-called LOOP frames to detect a self-looped port. These frames are sent approximately once per minute, and both their source and destination are the MAC address of the originating port. This may be the reason why your customer can see your Fa1/1 MAC address on his equipment.


There is nothing to worry about. And by the way, the Wireshark utility cannot elicit a response from your Fa1/1 port. It is a passive network scanner.


Best regards,

Peter
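To confirm that a MAC the customer reports is only ever seen in these self-addressed keepalives and never in real data traffic, here is an added example, not from the original thread: a small Python classifier over raw Ethernet frames. It assumes the keepalive carries the Ethernet loopback type 0x9000 (the post only states that source and destination are the port's own MAC), and every frame and MAC below is constructed.

```python
import struct
from collections import Counter

# Cisco IOS loopback keepalives use the Ethernet Configuration Test Protocol
# type 0x9000 (assumption from general IOS behaviour; the post only says src == dst).
ETHERTYPE_LOOPBACK = 0x9000

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), etype

def classify(frame: bytes) -> str:
    """'keepalive': port addressing itself with the loopback type (harmless);
    'self-addressed': src == dst but another type (worth a look); else 'data'."""
    dst, src, etype = parse_ethernet(frame)
    if src == dst:
        return "keepalive" if etype == ETHERTYPE_LOOPBACK else "self-addressed"
    return "data"

def summarize(frames):
    """Count frame classes and return the MACs that appear only in keepalives."""
    counts = Counter()
    keepalive_macs, other_macs = set(), set()
    for f in frames:
        kind = classify(f)
        counts[kind] += 1
        dst, src, _ = parse_ethernet(f)
        (keepalive_macs if kind == "keepalive" else other_macs).update((dst, src))
    return dict(counts), keepalive_macs - other_macs

# Constructed sample capture: one IOS keepalive from the provider port plus two
# ordinary IPv4 frames between the customer's hosts (all MACs are made up).
PORT_MAC = "00:1a:2b:3c:4d:5e"
CUST_A, CUST_B = "02:00:00:00:00:a1", "02:00:00:00:00:b2"
KEEPALIVE = (mac_bytes(PORT_MAC) * 2 + struct.pack("!H", ETHERTYPE_LOOPBACK)
             + b"\x00\x00\x01\x00" + b"\x00" * 42)   # skip count 0, function "reply"
DATA_AB = mac_bytes(CUST_B) + mac_bytes(CUST_A) + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 45
DATA_BA = mac_bytes(CUST_A) + mac_bytes(CUST_B) + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 45
SAMPLE_CAPTURE = [KEEPALIVE, DATA_AB, DATA_BA]
```

Running `summarize(SAMPLE_CAPTURE)` on the constructed capture reports one keepalive and two data frames, with the port MAC as the only address seen solely in keepalives.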

fibernet570 Thu, 08/26/2010 - 15:14

Basically no way to stop the MAC learning by our customer, is this correct?  I really prefer no MAC learning on this Layer 2 service.


Mn

Correct Answer
Peter Paluch (Cisco Employee) Thu, 08/26/2010 - 21:41

Hello,


The LOOP packets can be stopped using the no keepalive interface command but I do not recommend it because in such case, you are removing a mechanism to detect self-looped ports.


Do you believe there is any inherent security risk in the customer knowing the MAC address of the port he is connected to?


Best regards,

Peter

fibernet570 Fri, 08/27/2010 - 14:31

I definitely understand your point, and the customer is okay after all.  Thanks.
