User Received “%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET:” error message on Cisco 4500.
Below is sample output of this error message.In this Example user received error message on 4500 Gig3/1 on which VM ware server is connected.
017474: Aug 14 13:17:19.193 IST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 145 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi3/1 in vlan 51
017475: Aug 14 20:04:24.386 IST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi3/1 in vlan 51
017476: Aug 15 07:40:49.992 IST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi3/1 in vlan 51
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid source MAC address ( [mac-addr] ) on port [char] in vlan [dec]
A packet was received with an all zero or a multicast source address. The packet is treated as invalid and no learning is done. Excessive flow of such packets can waste CPU cycles. This message is rate-limited and is displayed only for the first such packet received on any interface or VLAN. Subsequent messages will display cumulative count of all such packets received in given interval on all interfaces.
The bug message is informational and does not indicate any issue with the 4500. The 4500 is performing a security function and alerting the network engineer to the fact that invalid source ip addresses are being used on the network.
This bug cscto67828 was opened to have the 4500 drop these invalid packets in hardware instead of software. It is an enhancement to the software to allow the 4500 to drop these packets in hardware.
The way to isolate the source of this issue (invalid source mac address) is to find out the faulty NIC card that generates this error message or track down the device generating the invalid packet.
Check the switch configuration file to find the source of these packets on the specified port and take corrective action to fix them at the source end. You can also enable port security on that interface to shutdown the port if the incoming rate of packets with invalid source mac address is too high by issuing the switchport port-security limit rate invalid-source-mac command.
Please note that packets with invalid MAC address will be dropped anyway, all other Cisco Catalyst switches are silently dropping these packets in HW, 4k platform is explicitly generating logging message when such event is observed.
On 4k you can disable logging regarding this event (or actually tell switch to drop frame on ASIC level instead of CPU) with following command "mac address-table static 0.0.0 vlan 120 drop" this command is available since IOS 12.2(53)SG7 and later.