[c-nsp] SCADA/PLC systems- Weird MAC's

[Michael Balasko]

If someone out there is running any SCADA/PLC (Square D, Quantum)
systems that are hooked to Cat6500's, I'd appreciate it if I could
bounce an issue off you. Offlist is fine.  

For the curiosity killed the cat folks, we are seeing really odd mac's
showing up on the switchport some of the PLC's are hooked to. There is
only one mac that should show up, and I have been assured that I'm not
being helped with the addition of some sort of hub. The odd macs
resemble these 04:00:2C:05:00:20 and 0A:5D:74:F6:00:20.(IEEE OUI says
huh?) These macs seem to float in and out of the cam tables on the
switch. They could be different macs, but they generally start with 04
or 0A. It feels like the PLC is generating these things on it's own, but
I have been assured that this can't be happening. Port security is not
taking too kindly to these "ghost" mac's and before I reevaluate
port-security for these things I'd like to make sure that all of the
trees I'm seeing do indeed constitute a forest.  

Thanks!

Michael Balasko
CCSP,CCDA,MCSE,MCNE,SCP
Network Specialist II
City of Henderson
240 Water St. 
Henderson, NV 89015
p. 702-267-4337
f.  702-267-4302