Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Incorrect MAC logs in 4507 Switches ,

Sep  1 20:13:11: %C4K_IOSINTF-5-INCORRECTSRCMAC: Source mac (78da.6e09.f3bf) in the packet matches the source mac of the router on interface Gi5/2
Sep  1 20:13:15: %C4K_IOSINTF-5-INCORRECTSRCMAC: Source mac (78da.6e09.f3bf) in the packet matches the source mac of the router on interface Gi5/2
Sep  1 20:22:22: %C4K_IOSINTF-5-INCORRECTSRCMAC: Source mac (78da.6e09.f3bf) in the packet matches the source mac of the router on interface Gi5/2

Above logs observed in user connected 4 switches , its changing ports after some interval of times.Can somebody help what may be the issue ?

if i use sh ip arp | in  78da.6e09.f3bf , getting VLAN & Port-channel IP

11 REPLIES
Cisco Employee

%C4K_IOSINTF-5

%C4K_IOSINTF-5-INCORRECTSRCMAC: Source mac ([mac-addr]) in the packet
matches the source mac of the router/VRRP/HSRP mac on interface [char]

The client that is authenticating has a reserved source MAC address. This
can occur when a client MAC address is misconfigured, or when the system is
under attack.

Recommended Action: Block the MAC address and investigate the source device.

https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search
<https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&
counter=0&paging=5&links=reference&index=all&query=%25C4K_IOSINTF-5-INCORREC
TSRCMAC>
&counter=0&paging=5&links=reference&index=all&query=%25C4K_IOSINTF-5-INCORRE
CTSRCMAC:
 
This could due to a loop in the network. The issue needs to be troubleshoot
it when it is happening in order to find what is causing the loop on the
network. 

 Kindly provide  a "show cdp neigh g5/2" for the ports showing the errors
and a "show mac address-table interface gi5/2" of the ports showing the
error.

 

HTH

Inayath

Cisco Employee

 show arp | in 78da.6e09.f3bf

 

show arp | in 78da.6e09.f3bf
.. Check for Vlan and port-channel number.
- Port-channel number--Check the interfaces which are part of port-channel.
-- Then check to which switch those interfaces are connected to---
-- this way you need to go to the end of the leaf node untill you find the mac address (78da.6e09.f3bf).

New Member

Tried as per above suggestion

Tried as per above suggestion , but still above MAC is learning via Port-channel or port members of this port channel.I am not able to find the end user port from where this MAC is learning.

Also this mac is showing as hardware address 

 

sh int po12 | in 78da.6e09.f3bf
  Hardware is EtherChannel, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)

sh int vl20 | in 78da.6e09.f3bf
  Hardware is Ethernet SVI, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
cz2r2-users#

sh int gi3/3 | in  78da.6e09.f3bf
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)

Cisco Employee

Hi,Can you do:- show mac

Hi,

Can you do:

- show mac-address-table | in 78da.6e09.f3bf (or show mac address-table | in 78da.6e09.f3bf )

- Look at the given ports

- Follow the previously given steps from insharie


"- Then check to which switch those interfaces are connected to---
- this way you need to go to the end of the leaf node untill you find the mac address (78da.6e09.f3bf)."

 

Kind regards,

- Ed

New Member

It is local to this

It is local to this switch

show mac address-table | in 78da.6e09.f3bf
  10      78da.6e09.f3bf    static ip,ipx,assigned,other Switch                     
  20      78da.6e09.f3bf    static ip,ipx,assigned,other Switch                     
Po12      78da.6e09.f3bf    static ip,ipx,assigned,other Switch                     
Po13      78da.6e09.f3bf    static ip,ipx,assigned,other Switch 

other 2 user switches showing similar behavior  which are connected to core switch via port channels.not able to find this MAC in any other switch

Cisco Employee

Can you provide "show

Can you provide "show interface | in GigabitEthernet|78da.6e09.f3bf ", please?

I would like to assume port Gi3/3 owns the authentic BIA mac address per your feedback but I want to assure it.

sh int gi3/3 | in  78da.6e09.f3bf
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)

Every time the issue occurs, the MAC address table should be learning two ports for the same MAC address. One may lead to the authentic port, whereas the other may lead to the source of the loop or an end node. The latter, by following the procedure mentioned by Inayath.

New Member

Hi,show interface | in

Hi,

show interface | in GigabitEthernet|78da.6e09.f3bf


TenGigabitEthernet3/1 is administratively down, line protocol is down (disabled) 
  Hardware is Ten Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
TenGigabitEthernet3/2 is administratively down, line protocol is down (disabled) 
  Hardware is Ten Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
GigabitEthernet3/3 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
GigabitEthernet3/4 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
GigabitEthernet3/5 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
GigabitEthernet3/6 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet Port, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
GigabitEthernet5/1 is down, line protocol is down (notconnect) 
GigabitEthernet5/2 is up, line protocol is up (connected) 

 Hardware is EtherChannel, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
  Hardware is EtherChannel, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
  Hardware is Ethernet SVI, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
  Hardware is Ethernet SVI, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)
  Hardware is Ethernet SVI, address is 78da.6e09.f3bf (bia 78da.6e09.f3bf)

removed other ports up down from above output.

 

Cisco Employee

hmm..interesting. I see you

hmm..interesting. I see you have already open the TAC case for this...probably we will work on the TAC case to see if we are hitting any bug or known issue.

 

HTH

Regards

Inayath

New Member

Yes , i was just checking on

Yes , i was just checking on forum if anybody came across similar issue 

Are your PortChannels "on" or

Are your PortChannels "on" or negotiated?  It sounds like the sort of thing that can happen when one end of a link thinks it has a PortChannel and the other end does not.

 

Kevin Dorrell
Luxembourg

New Member

Hi Inayath,Thanks for reply

Hi Inayath,

Thanks for reply.

All the ports showing in logs are end user port , there is no cisco device in sh cdp ne , 

 

SH MAC ADDress-table INT GI5/2 


Multicast Entries
 vlan      mac address     type    ports
---------+---------------+-------+--------------------------------------------
  10      ffff.ffff.ffff   system Gi1/7,Gi1/9,Gi1/11,Gi1/22,Gi1/33,Gi1/47
                                  Gi2/7,Gi2/13,Gi2/15,Gi2/20,Gi2/29,Gi2/31
                                  Gi2/33,Gi2/37,Gi2/46,Gi2/48,Gi5/2,Gi5/24
                                  Gi5/28,Gi5/32,Gi5/34,Gi5/35,Gi5/37,Gi5/38
                                  Gi5/39,Gi5/40,Gi5/41,Gi5/42,Gi5/43,Gi5/44
                                  Gi5/47,Gi5/48,Gi6/2,Gi6/3,Gi6/4,Gi6/5,Gi6/6
                                  Gi6/11,Gi6/13,Gi6/15,Gi6/17,Gi6/19,Gi6/21
                                  Gi6/23,Gi6/29,Switch
  20      ffff.ffff.ffff   system Gi1/7,Gi1/9,Gi1/11,Gi1/22,Gi1/33,Gi1/47
                                  Gi2/7,Gi2/13,Gi2/15,Gi2/20,Gi2/29,Gi2/31
                                  Gi2/33,Gi2/37,Gi2/46,Gi2/48,Gi5/2,Gi5/24
                                  Gi5/28,Gi5/32,Gi5/34,Gi5/35,Gi5/37,Gi5/38
                                  Gi5/39,Gi5/40,Gi5/41,Gi5/42,Gi5/43,Gi5/44
                                  Gi5/47,Gi5/48,Gi6/2,Gi6/3,Gi6/4,Gi6/5,Gi6/6
                                  Gi6/11,Gi6/13,Gi6/15,Gi6/17,Gi6/19,Gi6/21
                                  Gi6/23,Gi6/29,Switch

GI5/2 is up , but not sure why not showing the Source MAC .

we are receiving these logs in all 4 LAN switches.

 

425
Views
0
Helpful
11
Replies
CreatePlease to create content