Please assist me with this MAC-FLAPPING 9 issue.
VSS CISCO MAC ADDRESS FLAPPING SERIES
This was performed to troubleshoot CPU utilization issues on a Cisco Catalyst 4500 series switch, but the same commands should be available on other Cisco switches that run the IOS firmware.

The following images show a switch's MAC address table before and after a flooding attack.

The Virtual MAC Address is made up of a well-known HSRP MAC address, followed by a two-character hex field representing the group number, in the following format: xx
Highlighted in blue is the well-known address for HSRP, and highlighted in red is the hex value of the HSRP group, the group being a value between 0 and 255.

The following will give you the commands you need to help identify MAC address flapping and high CPU utilization on a Cisco Catalyst series switch.

Mar 19 09:17:22: %SW_MATM-4-MACFLAP_NOTIF: Host 8d5 in vlan 3 is flapping between port Po13 and port Po11
Mar 19 11:47:40: %SW_MATM-4-MACFLAP_NOTIF: Host 606d.c734.6585 in vlan 3 is flapping between port Po14 and port Po13
Mar 20 23:44:57: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Gi1/0/6
Mar 21 00:20:01: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Gi1/0/6 and port Po30
Mar 21 00:21:01: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Gi1/0/6 and port Po30
Mar 21 00:22:01: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Gi1/0/6 and port Po30
Mar 21 00:57:05: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 00:58:06: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 00:59:06: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:00:06: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:01:06: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:36:10: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:37:10: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:38:10: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:39:11: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po31
Mar 21 01:40:11: %SW_MATM-4-MACFLAP_NOTIF: Host 9 in vlan 1 is flapping between port Po30 and port Po3

A MAC address flooding attack (CAM table flooding attack) is a type of network attack in which an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames, each with a different fake source MAC address.

I am not able to locate where the MAC address is. Checked all 22 switches, none has the MAC address.
I've been very curious about this MAC address issue.