Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET

Does anyone have experience tshooting the following error:

Oct 25 08:06:39: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 21005 time

s)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi

1/14 in vlan 302

I cannot capture this with a sniffer, likely because the NIC on the SNiffer is discarding the frame sourced from 00:00:00:00:00:00.

Here is my switchport config for 1/14, which has a Nortel VMGC attached...

interface GigabitEthernet1/14

description vmgc 1 10.11.10.166

switchport access vlan 302

switchport mode access

service-policy input LAN_Ingress

qos trust dscp

tx-queue 3

bandwidth percent 20

priority high

shape percent 20

spanning-tree portfast

spanning-tree bpduguard enable

We have opened a case with Nortel, but they are requiring a sniffer trace for further, which per above I cannot determine.

Thanks in Advance, Andrew

1 REPLY

Re: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET

Hmmm...what's on VLAN302, PCs? and u are right about the sniffer. Cisco suggests harsh port security which is just what an attacker would want.

I hope the below helps:

http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&index=all&locale=en&query=%25C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET&counter=0&paging=5&links=reference&sa=Submit

1. %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid source MAC address ( [mac-addr] ) on port [char] in vlan [dec]

A packet was received with an all zero or a multicast source address. The packet is treated as invalid and no learning is done. Excessive flow of such packets can waste CPU cycles. This message is rate-limited and is displayed only for the first such packet received on any interface or VLAN. Subsequent messages will display cumulative count of all such packets received in given interval on all interfaces.

Recommended Action: Check the switch configuration file to find the source of these packets on the specified port and take corrective action to fix them at the source end. You can also enable port security on that interface to shutdown the port if the incoming rate of packets with invalid source mac address is too high by issuing the switchport port-security limit rate invalid-source-mac command.

Related documents- No specific documents apply to this error message.

335
Views
0
Helpful
1
Replies