[c-nsp] MAC 00000000

Clinton Work clinton at scripty.com
Mon Mar 14 22:41:24 EST 2005 

You could try a Unicast MAC filter for address 00-00-00-00-00-00. Other 
than tracking down the source
with a sniffer you don't have many options. I have seen the same problem 
on Catalyst 5000s with
ATM modules and its even worse in that environment.

Catalyst 4000 configuration guide for IOS 12.2EW:

To block all unicast traffic to or from a MAC address in a specified 
VLAN, perform this task:

Command
Router(config)# mac-address-table <static mac_address> vlan <vlan_ID> drop

Example:
Router# configure terminal
Router(config)# mac-address-table static 0050.3e8d.6400 vlan 12 drop

Konstantin Barinov wrote:

>Hi,
>
>Any idea, how to detect and disable lusers like this?
>
>This is Cat 4000, showing messages below.
>
>There are Cats 2950 and other switches downstream, who keep silence
>about users with mac 00000. Also no switches have mac 000000 in their
>mac-address tables (yes, they should not have it).
>
>
>2005 Mar 14 18:45:06 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 3/2 and port 2/32
>2005 Mar 14 18:45:23 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:45:38 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 3/2 and port 2/32
>2005 Mar 14 18:45:51 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:46:07 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:46:23 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:46:39 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:46:53 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>2005 Mar 14 18:47:08 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 3/2 and port 2/32
>2005 Mar 14 18:47:22 EET +02:00 %SYS-4-P2_WARN: 1/Host 00:00:00:00:00:00 is flapping between port 2/32 and port 3/2
>
>
>
>
>br
>--
>Konstantin Barinov
>INFONET AS, Tallinn, Estonia
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>

More information about the cisco-nsp mailing list