Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Mac Acess-list

I m receivng the below error in logging buffer.

C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 15 times)Packet received with invalid source MAC address (A1:14:97:1F:26:90) on port Te1/1 in vlan 2.

i have only 2 No's of Servers in vlan 2  and i hope from any one of the server is genenrating the false mac address packet. So i m thinking to apply a mac access-list for the 2 mac-addresses of the servers. pls confirm the below configuration are perfect. OR Suggest me some different solution, i have tried with port security but i m receiving  an error found duplicate mac-address. so i have switchover to this solution.

mac access-list extended vlan2

permit  host <1st server mac-address> any

permit host < 2nd server mac-address> any


Switch(config)# vlan access-map oracle-server-vlan 10

Switch(config-access-map)# match mac address vlan2

Switch(config-access-map)# action permit

Switch(config-access-map)# vlan access-map oracle-server-vlan 20

Switch(config-access-map)# action drop

Switch(config-access-map)# exit

Switch(config)# vlan filter oracle-server-vlan vlan-list 2


New Member

Re: Mac Acess-list

That does seem to be a bit of a sticky plaster solution rather than actually seeing what's causing the problem. Any access list adds processing load to the router and it would still be dropping bad packets.

Look in the routers arp table to see if the mac is resolved to any ip address then look at the switch forwarding table to see which physical port the mac is seen on!

It could be a dodgy nic or someone has manually entered an illegal value..

Sent from Cisco Technical Support iPad App

New Member

Mac Acess-list


I m using this solution becz i have seen in the arp table there is no other IP resolving except only 1 IP and also i have seen the port as well it is with the same IP and MAC

Other than the above what else i can do to resolve the issue,

Any more hints will be appreciated.


New Member

Re: Mac Acess-list

Sorry but does that mean you know which server is generating the illegal packets?

All I'm saying is either a server nic is configured with a sw overide mac or is faulty. Once you put that filter on you've got to mange that, I.e. you go on hols and someone wants to add a new device on the LAN you'll have to keep adding MACs. What if the hw goes faulty and the new server is plugged in with a new MAC?

Sent from Cisco Technical Support iPad App

CreatePlease to create content