MAC Access-list

jack samuel
Level 1

I'm receiving the below error in the logging buffer.

C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 15 times)Packet received with invalid source MAC address (A1:14:97:1F:26:90) on port Te1/1 in vlan 2.

I have only 2 servers in VLAN 2, and I hope one of the servers is generating the false MAC address packet, so I'm thinking of applying a MAC access-list for the 2 MAC addresses of the servers. Please confirm whether the below configuration is correct, or suggest a different solution. I have tried port security, but I'm receiving a "found duplicate mac-address" error, so I have switched over to this solution.

mac access-list extended vlan2
permit host <1st server mac-address> any
permit host <2nd server mac-address> any
exit
Switch(config)# vlan access-map oracle-server-vlan 10
Switch(config-access-map)# match mac address vlan2
Switch(config-access-map)# action permit
Switch(config-access-map)# vlan access-map oracle-server-vlan 20
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# vlan filter oracle-server-vlan vlan-list 2

Thanks


Craig_Baum_2
Level 1

That does seem to be a bit of a sticky plaster solution rather than actually seeing what's causing the problem. Any access list adds processing load to the router and it would still be dropping bad packets.

Look in the router's ARP table to see if the MAC is resolved to any IP address, then look at the switch forwarding table to see which physical port the MAC is seen on!

It could be a dodgy NIC or someone has manually entered an illegal value.

Sent from Cisco Technical Support iPad App

Hi,

I'm using this solution because I have seen in the ARP table that there is no other IP resolving except only 1 IP, and I have also checked the port as well; it is with the same IP and MAC.

Other than the above, what else can I do to resolve the issue?

Any more hints will be appreciated.

Thanks

Sorry but does that mean you know which server is generating the illegal packets?

All I'm saying is either a server NIC is configured with a SW override MAC or is faulty. Once you put that filter on you've got to manage that, i.e. you go on hols and someone wants to add a new device on the LAN, you'll have to keep adding MACs. What if the hw goes faulty and the new server is plugged in with a new MAC?

Sent from Cisco Technical Support iPad App
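
Added example, not part of the original thread: a small Python parser for the INVALIDSOURCEADDRESSPACKET message quoted in the question. It reports which port and VLAN the frames arrive on and why the address fails as a source; in the logged address the first octet, 0xA1, has its least-significant (group/multicast) bit set. The second and third sample lines are constructed, and counting "Suppressed N times" as N extra frames is an assumption.

```python
import re
from collections import Counter

# Message layout taken from the log line quoted in the question.
LOG_RE = re.compile(
    r"C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET:\s*"
    r"(?:\(Suppressed (?P<suppressed>\d+) times\))?\s*"
    r"Packet received with invalid source MAC address "
    r"\((?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\) "
    r"on port (?P<port>\S+) in vlan (?P<vlan>\d+)"
)

def classify_source_mac(mac):
    """Say why a MAC is, or is not, usable as an Ethernet source address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if octets == b"\xff" * 6:
        return "broadcast address used as source"
    if octets == b"\x00" * 6:
        return "all-zero address"
    if octets[0] & 0x01:  # I/G bit: 1 = group (multicast) address
        return "group (multicast) bit set in first octet"
    if octets[0] & 0x02:  # U/L bit: 1 = locally administered (set in software)
        return "valid unicast, locally administered"
    return "valid unicast, universally administered"

def summarize(lines):
    """Total frames per (port, vlan, mac), most frequent first."""
    totals = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated log line
        # Assumption: "Suppressed N times" means N frames besides the logged one.
        frames = 1 + int(m.group("suppressed") or 0)
        key = (m.group("port"), int(m.group("vlan")), m.group("mac").upper())
        totals[key] += frames
    return [(port, vlan, mac, n, classify_source_mac(mac))
            for (port, vlan, mac), n in totals.most_common()]

SAMPLE = [
    # From the thread:
    "C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 15 times)Packet received with invalid source MAC address (A1:14:97:1F:26:90) on port Te1/1 in vlan 2.",
    # Constructed for this example:
    "C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: Packet received with invalid source MAC address (a1:14:97:1f:26:90) on port Te1/1 in vlan 2.",
    "LINK-3-UPDOWN: Interface TenGigabitEthernet1/2, changed state to up",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```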
