Dear Forum Members...
I'm seeing the following critical-level warning on my CISCO WS-2948-G switch console...
"2005 May 26 04:05:41 EDT -04:00 %SYS-4-P2_WARN: /Invalid traffic from multicast source address 45:00:00:90:bd:41 on port 2/49"
- The port in question is our Gigabit fiber uplink, which feeds into a brand-new HP ProCurve Fiber-Controller. Other new HP ProCurve switches, and an old CableTron switch also uplink into that same Fiber Controller. I think we uplink the fiber controller to the default router, also Cisco.
- I'm seeing this warning, on avg, about every 7-10 minutes.
- The first 6 characters are always 45:00:00, with an occasional entry being 45:00:01 ... but the last 6 chars vary quite a bit.. no pattern, as far as I can tell.
- The 45:00:00 does not appear in any MAC Address vendor lists I have checked..
- None of the MAC addresses I've checked were found in the switch's CAM table.
Can anyone tell me the best way to 'chase down' what system on the network is propagating these packets??
I tried using the Network Monitor tool on a Windows 2000 server system plugged into the switch. I was able to capture some packets from the network, and even the packets that communicate the warning from the Cisco Switch to my local Telnet Console window... but so far, I've not been able to capture the actual multicast packets themselves... the ones causing the problem.
I also tried changing the CGMP from disabled to enabled, thinking this would trigger the switch to fwd all the multicast packets to my monitoring stn, but I don't think it made any difference. Perhaps it made things worse?
The final thing I tried was to set SPAN using Port49 as the Source, and Port15 as the destination, and monitoring both XMT and RCV packets. Not sure what I'm doing wrong, or if it's this Windows 2000 (chintzy) NetworkMonitor admin tool, but I just can't seem to capture and/or locate the offending packets so I can get a closer look at them. The MAC address mentioned in the warning just doesn't show up in the packets I'm picking up with Network Monitor.
Has anyone out there run across this problem, and if so, how did you go about tracing down the host??? I also have a laptop I just loaded with Fedora RedHat Linux, if anyone knows how to use it as a packet sniffer...
Thanks in advance for any help...
Alan
Atlanta, GA
5-26-05
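
An added example, not part of the original post: a Python script that triages the warning lines quoted above by checking the group (I/G) bit of each reported source address, then tallying events per port and leading octets and measuring the gaps between them. A first octet of 0x45 has that bit set, which marks a group address rather than a vendor-assigned one, so it will not match a vendor OUI list. Only the first sample line is from the post; the other two lines and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# First line is the warning quoted in the post; the other two are constructed.
SAMPLE_LOG = """\
2005 May 26 04:05:41 EDT -04:00 %SYS-4-P2_WARN: /Invalid traffic from multicast source address 45:00:00:90:bd:41 on port 2/49
2005 May 26 04:13:02 EDT -04:00 %SYS-4-P2_WARN: /Invalid traffic from multicast source address 45:00:01:2c:7a:10 on port 2/49
2005 May 26 04:21:30 EDT -04:00 %SYS-4-P2_WARN: /Invalid traffic from multicast source address 45:00:00:3c:11:9e on port 2/49
"""

WARN_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d\d:\d\d:\d\d) .*%SYS-4-P2_WARN: .*"
    r"source address (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on port (?P<port>\S+)",
    re.IGNORECASE,
)

def is_group_address(mac):
    """True if the I/G bit (least significant bit of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def parse_warnings(text):
    """Return one dict per P2_WARN line: timestamp, MAC, port, group-bit flag."""
    events = []
    for line in text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue  # not a P2_WARN source-address line
        mac = m.group("mac").lower()
        events.append({
            "time": datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S"),
            "mac": mac,
            "port": m.group("port"),
            "group_bit": is_group_address(mac),
        })
    return events

def summarize(events):
    """Count events per (port, first three octets); list gaps in whole seconds."""
    counts = Counter((e["port"], e["mac"][:8]) for e in events)
    times = sorted(e["time"] for e in events)
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return counts, gaps

if __name__ == "__main__":
    counts, gaps = summarize(parse_warnings(SAMPLE_LOG))
    print(counts, gaps)
```
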