Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Very weird problem

We use the Concord ehealth monitoring system for network performance reports, recently this system reported a problem with mangled packet on the Network as shown below.

mangled packet from10.168.11.216

wrong auth header type

mangled packet from10.168.6.164

wrong auth header type

mangled packet from10.168.17.94

wrong auth header type

mangled packet from10.168.11.215

wrong auth header type

All these addresses are DHCP issued, when I do a show ip arp for any of these addresses on my RSM and find the mac-address on my cat5500 Switch cam table it always gives me two entries one of which is always a specific port (11/5) and the other port is any of our access layer Switches. Port 11/5 is an interface on our Local Director patched directly to the CAT5500, I located the host machines and their mac-addresses checks out with the output from the RSM and from the ports they are connected to on the access Switches. I also checked the mac-address on the local director and it checks out with the show cam entry on the CAT5500 for port 11/5. For some reason the CAT has multiple entries for the mac-addresses from these host and the weird thing is they all match the local director. I would apprecite any idea, thanks.


Re: Very weird problem

There are some issues with LD especially regarding the way it bridges two VLANS together, we have experienced this on LD416 running 4.2.3.

We actually had te root port thru the LD which is totally incorrect as there are two VLAN's and the two VLAN's somehow had the same Root Bridge ID... you might want to look at turning on Secure bridging