[c-nsp] Layer 2 security issue
Varaillon Jean Christophe
j.varaillon at cosmoline.com
Wed Sep 24 08:21:29 EDT 2008
Hi,
We are using Cisco 3550, 3560 for access and 4500 for the core.
All the ports of the users are port-secure enabled (switchport port-security
mac-address sticky).
We have enough cases where their ports get in err-disable status due to a
wrong MAC address source.
That mac address source is always the same for all cases that is: the mac
address of the default gateway of the users (vlan interfaces on 4500).
This means that the users are sending packets where the MAC address *source*
is the one of their default router.
An up to date antivirus scanning on those PCs did not lead anywhere.
Has anybody seen this recently?
Thank you.
Christophe
P Please consider your environmental responsibility before printing this
e-mail
_____
More information about the cisco-nsp
mailing list