New Member

Catalyst 6500 - Learning MAC on Access Port

Please let me know if the following is possible:

1- A port on the Cisco 6500, Fa1/1, is configured as an access port

     int fa1/1
     switchport mode access
     switchport access vlan 100
     speed 100
     duplex full
     no cdp enable
     spanning-tree bpdufilter enable

2- There are no SVIs on this switch

3- A customer is stating that they see our MAC of interface Fa1/1 on their equipment

Is this possible? How can they learn the MAC address? Could they be using Wireshark?

-Mn

4 REPLIES
Cisco Employee

Re: Catalyst 6500 - Learning MAC on Access Port

Hello,

Most probably, the port is still emitting the so-called LOOP frames to detect a self-looped port. These frames are sent approximately once per minute, and both their source and destination are the MAC address of the originating port. This may be the reason why your customer can see your Fa1/1 MAC address on his equipment.

There is nothing to worry about. And by the way, the Wireshark utility cannot elicit a response from your Fa1/1 port. It is a passive network scanner.

Best regards,

Peter
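
A capture-side check for the LOOP frames described in the reply above, as an added example that is not part of the original thread: it flags frames whose source and destination MAC are identical and whose EtherType is 0x9000 (the loopback EtherType, a detail not stated in the thread) and reports which port MAC they reveal. The frames and MAC addresses are constructed sample data.

```python
import struct

ETHERTYPE_LOOP = 0x9000   # loopback EtherType of the keepalive (not stated in the thread)
ETHERTYPE_DOT1Q = 0x8100


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype); steps over a single 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
    return dst, src, ethertype


def is_loop_keepalive(frame: bytes) -> bool:
    """LOOP keepalive: EtherType 0x9000 with source MAC == destination MAC."""
    dst, src, ethertype = parse_ethernet(frame)
    return ethertype == ETHERTYPE_LOOP and dst == src


def port_macs_revealed(frames):
    """Count LOOP keepalives per port MAC; truncated frames are skipped."""
    seen = {}
    for frame in frames:
        try:
            if is_loop_keepalive(frame):
                mac = fmt_mac(frame[6:12])
                seen[mac] = seen.get(mac, 0) + 1
        except ValueError:
            continue
    return seen


# Constructed sample capture (documentation MAC range 00:00:5e:00:53:xx).
PORT = bytes.fromhex("00005e005301")
HOST = bytes.fromhex("00005e005302")
LOOP = PORT + PORT + b"\x90\x00" + bytes(46)
ARP = b"\xff" * 6 + HOST + b"\x08\x06" + bytes(46)
ECTP_TO_HOST = PORT + HOST + b"\x90\x00" + bytes(46)   # 0x9000 but src != dst
SAMPLE_FRAMES = [LOOP, ARP, ECTP_TO_HOST, LOOP, b"\x00\x01"]

if __name__ == "__main__":
    print(port_macs_revealed(SAMPLE_FRAMES))
```
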

New Member

Re: Catalyst 6500 - Learning MAC on Access Port

Basically no way to stop the MAC learning by our customer, is this correct?  I really prefer no MAC learning on this Layer 2 service.

Mn

Cisco Employee

Re: Catalyst 6500 - Learning MAC on Access Port

Hello,

The LOOP packets can be stopped using the no keepalive interface command, but I do not recommend it because in such a case, you are removing a mechanism to detect self-looped ports.

Do you believe there is any inherent security risk in the customer knowing the MAC address of the port he is connected to?

Best regards,

Peter

New Member

Re: Catalyst 6500 - Learning MAC on Access Port

I definitely understand your point, and the customer is okay after all.  Thanks.
