Mac Move feature not supported (6509 with dual sup 1 and IOS 12.1)

Discussion in 'Cisco' started by Dustin, Oct 20, 2005.

  1. Dustin

    Dustin Guest

    I just took over admin duties for my new employer a few weeks ago. My
    third week on the job we had some issues that may have been caused by a
    security compromise from my predecessor. We had to manually recover
    the passwords on all of our network devices (about twenty switched, six
    routers, two pix, and one vpn concentrator). I have been pouring over
    the pix configs and feel comfortable with them. We have also setup
    ACLs for network management of the devices. Now, I am worried about
    our big iron switch, the 6509. Whenever I do a "show running-config"
    or a "write memory" or a "write net ...", I get this message, "Mac Move
    feature not supported." There is nothing obvious in the configuration.
    I have seen nothing of this error, relating to Cisco devices, on the
    groups or Google.

    Any ideas?

    I am worried that it is a manual MAC address problem that was used in
    the possible security breach. There was a server whose network card
    stopped functioning properly, and I am thinking there may be no problem
    with the NIC... it is the switch and some MAC specific configuration...
    but, like I said, there is nothing obvious in the configs.


    Thanks,
    Dustin A. Dortch
    Dustin, Oct 20, 2005
    #1
    1. Advertising

  2. Dustin

    Merv Guest

    are you running native or hybrid mode ?

    Are these error messages occurring under IOS or CATOS?
    Merv, Oct 20, 2005
    #2
    1. Advertising

  3. Dustin

    Merv Guest

    what does the following command display:

    show mac-address-table notification mac-move
    Merv, Oct 20, 2005
    #3
  4. Dustin

    Dustin Guest

    It returns:

    Mac Move feature not supported

    Also, this is IOS.
    Dustin, Oct 20, 2005
    #4
  5. Dustin

    Dustin Guest

    It returns:

    Mac Move feature not supported

    Also, this is IOS.
    Dustin, Oct 20, 2005
    #5
  6. Dustin

    Merv Guest

    Does the wri mem complete or does it just fail with the eoor message
    that you posted?

    if not you should capture the current config onto a PC
    Merv, Oct 20, 2005
    #6
  7. Dustin

    Dustin Guest

    It completese fine.
    Dustin, Oct 20, 2005
    #7
  8. Dustin

    Merv Guest

    Dustin wrote:
    > It completese fine.


    Did you change something in the config so that you can see that it has
    canged if you do a show startup-config ???

    What is the configuration value setting ? Post the output of show
    version
    Merv, Oct 20, 2005
    #8
  9. Dustin

    Dustin Guest

    configuration register is 0x2102. The startup-config is identical to
    my running-config. Everything looks good in show version:

    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/30
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/31
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/32
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/33
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/34
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/35
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/36
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/37
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/38
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/39
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/40
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/41
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/42
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/43
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/44
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/45
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/46
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/47
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/48
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface Vlan1
    ip address 192.168.253.249 255.255.255.0
    ipx network DCC6320 encapsulation SAP
    !
    interface Vlan2
    no ip address
    !
    interface Vlan3
    no ip address
    !
    interface Vlan4
    no ip address
    lan-name Building
    !
    interface Vlan5
    ip address 192.168.10.253 255.255.255.0 secondary
    ip address 192.168.10.36 255.255.255.0
    no ip redirects
    ipx network DD8022A encapsulation SAP
    !
    interface Vlan100
    ip address 192.168.105.254 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan110
    ip address 192.168.110.1 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan111
    ip address 192.168.168.254 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan112
    ip address 192.168.160.1 255.255.255.0
    ip helper-address 192.168.10.42
    !
    router rip
    network 192.168.10.0
    network 192.168.105.0
    network 192.168.160.0
    network 192.168.168.0
    network 192.168.253.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.10.50
    ip route 10.1.0.0 255.255.0.0 192.168.10.6
    ip route 10.100.1.0 255.255.255.0 192.168.10.50
    ip route 10.100.2.0 255.255.255.0 192.168.10.6
    ip route 10.147.0.0 255.255.0.0 192.168.10.252
    ip route 10.150.1.0 255.255.255.0 192.168.10.252
    ip route 67.72.159.0 255.255.255.0 192.168.253.254
    ip route 172.20.0.0 255.255.0.0 192.168.10.252
    ip route 172.25.0.0 255.255.0.0 192.168.10.252
    ip route 172.30.1.0 255.255.255.0 192.168.10.6
    ip route 192.168.15.0 255.255.255.0 192.168.10.252
    ip route 192.168.17.0 255.255.255.0 192.168.10.252
    ip route 192.168.28.0 255.255.255.0 192.168.10.6
    ip route 192.168.95.0 255.255.255.0 192.168.253.95
    ip route 192.168.105.0 255.255.255.0 Vlan100
    ip route 192.168.175.0 255.255.255.0 192.168.253.175
    no ip http server
    !
    logging facility local5
    logging 192.168.10.7
    logging 192.168.10.13
    access-list 1 permit 192.168.10.28 log
    snmp-server community DDILookout RO 1
    snmp-server community DDIEnforce RW 1
    snmp-server enable traps snmp authentication warmstart linkdown linkup
    coldstart
    snmp-server enable traps chassis
    snmp-server enable traps module
    snmp-server enable traps casa
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps slb real virtual csrp
    snmp-server enable traps hsrp
    snmp-server enable traps entity
    snmp-server enable traps config-copy
    snmp-server enable traps fru-ctrl
    snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps bridge
    snmp-server enable traps stpx
    snmp-server enable traps flash insertion removal
    snmp-server enable traps rf
    snmp-server enable traps bgp
    snmp-server enable traps rsvp
    snmp-server enable traps frame-relay
    snmp-server enable traps syslog
    snmp-server enable traps rtr
    snmp-server enable traps dlsw
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps srp
    snmp-server enable traps sonet
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    password 7 112C1A0D18465D390A232D2B3A3E
    login
    line vty 0 4
    access-class 1 in
    password 7 03215803095B777940001F0A051F
    login
    transport input telnet
    !
    ntp clock-period 17179782
    ntp server 192.168.10.7 prefer
    !
    end

    ddi-6509#sh version
    Cisco Internetwork Operating System Software
    IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 30-Oct-04 20:11 by yiyan
    Image text-base: 0x40008F90, data-base: 0x41B86000

    ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
    BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)

    ddi-6509 uptime is 1 week, 3 days, 19 hours, 36 minutes
    Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 35
    minutes
    System returned to ROM by power-on (SP by reload)
    System restarted at 15:26:57 EST Sun Oct 9 2005
    System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

    cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K
    bytes of mem
    ory.
    Processor board ID SCA052900B1
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3
    Cache
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    9 Virtual Ethernet/IEEE 802.3 interface(s)
    144 FastEthernet/IEEE 802.3 interface(s)
    20 Gigabit Ethernet/IEEE 802.3 interface(s)
    381K bytes of non-volatile configuration memory.

    16384K bytes of Flash internal SIMM (Sector size 512K).
    Standby is up
    Standby has 227328K/34816K bytes of memory.

    Configuration register is 0x2102

    ddi-6509#sh version
    Cisco Internetwork Operating System Software
    IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 30-Oct-04 20:11 by yiyan
    Image text-base: 0x40008F90, data-base: 0x41B86000

    ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
    BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)

    ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes
    Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36
    minutes
    System returned to ROM by power-on (SP by reload)
    System restarted at 15:26:57 EST Sun Oct 9 2005
    System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

    cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K
    bytes of mem
    ory.
    Processor board ID SCA052900B1
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3
    Cache
    Last reset from power-on
    Bridging software.
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/32
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/33
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/34
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/35
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/36
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/37
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/38
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/39
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/40
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/41
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/42
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/43
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/44
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/45
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/46
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/47
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface FastEthernet9/48
    switchport
    switchport access vlan 5
    switchport mode access
    spanning-tree portfast
    !
    interface Vlan1
    ip address 192.168.253.249 255.255.255.0
    ipx network DCC6320 encapsulation SAP
    !
    interface Vlan2
    no ip address
    !
    interface Vlan3
    no ip address
    !
    interface Vlan4
    no ip address
    lan-name Building
    !
    interface Vlan5
    ip address 192.168.10.253 255.255.255.0 secondary
    ip address 192.168.10.36 255.255.255.0
    no ip redirects
    ipx network DD8022A encapsulation SAP
    !
    interface Vlan100
    ip address 192.168.105.254 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan110
    ip address 192.168.110.1 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan111
    ip address 192.168.168.254 255.255.255.0
    ip helper-address 192.168.10.42
    !
    interface Vlan112
    ip address 192.168.160.1 255.255.255.0
    ip helper-address 192.168.10.42
    !
    router rip
    network 192.168.10.0
    network 192.168.105.0
    network 192.168.160.0
    network 192.168.168.0
    network 192.168.253.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.10.50
    ip route 10.1.0.0 255.255.0.0 192.168.10.6
    ip route 10.100.1.0 255.255.255.0 192.168.10.50
    ip route 10.100.2.0 255.255.255.0 192.168.10.6
    ip route 10.147.0.0 255.255.0.0 192.168.10.252
    ip route 10.150.1.0 255.255.255.0 192.168.10.252
    ip route 67.72.159.0 255.255.255.0 192.168.253.254
    ip route 172.20.0.0 255.255.0.0 192.168.10.252
    ip route 172.25.0.0 255.255.0.0 192.168.10.252
    ip route 172.30.1.0 255.255.255.0 192.168.10.6
    ip route 192.168.15.0 255.255.255.0 192.168.10.252
    ip route 192.168.17.0 255.255.255.0 192.168.10.252
    ip route 192.168.28.0 255.255.255.0 192.168.10.6
    ip route 192.168.95.0 255.255.255.0 192.168.253.95
    ip route 192.168.105.0 255.255.255.0 Vlan100
    ip route 192.168.175.0 255.255.255.0 192.168.253.175
    no ip http server
    !
    logging facility local5
    logging 192.168.10.7
    logging 192.168.10.13
    access-list 1 permit 192.168.10.28 log
    snmp-server community DDILookout RO 1
    snmp-server community DDIEnforce RW 1
    snmp-server enable traps snmp authentication warmstart linkdown linkup
    coldstart
    snmp-server enable traps chassis
    snmp-server enable traps module
    snmp-server enable traps casa
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps slb real virtual csrp
    snmp-server enable traps hsrp
    snmp-server enable traps entity
    snmp-server enable traps config-copy
    snmp-server enable traps fru-ctrl
    snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps bridge
    snmp-server enable traps stpx
    snmp-server enable traps flash insertion removal
    snmp-server enable traps rf
    snmp-server enable traps bgp
    snmp-server enable traps rsvp
    snmp-server enable traps frame-relay
    snmp-server enable traps syslog
    snmp-server enable traps rtr
    snmp-server enable traps dlsw
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps srp
    snmp-server enable traps sonet
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    password 7 112C1A0D18465D390A232D2B3A3E
    login
    line vty 0 4
    access-class 1 in
    password 7 03215803095B777940001F0A051F
    login
    transport input telnet
    !
    ntp clock-period 17179782
    ntp server 192.168.10.7 prefer
    !
    end

    ddi-6509#sh version
    Cisco Internetwork Operating System Software
    IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 30-Oct-04 20:11 by yiyan
    Image text-base: 0x40008F90, data-base: 0x41B86000

    ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
    BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)

    ddi-6509 uptime is 1 week, 3 days, 19 hours, 36 minutes
    Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 35
    minutes
    System returned to ROM by power-on (SP by reload)
    System restarted at 15:26:57 EST Sun Oct 9 2005
    System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

    cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K
    bytes of mem
    ory.
    Processor board ID SCA052900B1
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3
    Cache
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    9 Virtual Ethernet/IEEE 802.3 interface(s)
    144 FastEthernet/IEEE 802.3 interface(s)
    20 Gigabit Ethernet/IEEE 802.3 interface(s)
    381K bytes of non-volatile configuration memory.

    16384K bytes of Flash internal SIMM (Sector size 512K).
    Standby is up
    Standby has 227328K/34816K bytes of memory.

    Configuration register is 0x2102

    ddi-6509#sh version
    Cisco Internetwork Operating System Software
    IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 30-Oct-04 20:11 by yiyan
    Image text-base: 0x40008F90, data-base: 0x41B86000

    ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
    BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)

    ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes
    Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36
    minutes
    System returned to ROM by power-on (SP by reload)
    System restarted at 15:26:57 EST Sun Oct 9 2005
    System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

    cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K
    bytes of mem
    ory.
    Processor board ID SCA052900B1
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3
    Cache
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    9 Virtual Ethernet/IEEE 802.3 interface(s)
    144 FastEthernet/IEEE 802.3 interface(s)
    20 Gigabit Ethernet/IEEE 802.3 interface(s)
    381K bytes of non-volatile configuration memory.

    16384K bytes of Flash internal SIMM (Sector size 512K).
    Standby is up
    Standby has 227328K/34816K bytes of memory.

    Configuration register is 0x2102
    Dustin, Oct 20, 2005
    #9
  10. Dustin

    Dustin Guest

    sorry about that... somehow my clipboard grabbed all of that, and I did
    not notice that I pasted that all. For clarity, here it is, by itself:

    ddi-6509#sh version
    Cisco Internetwork Operating System Software
    IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Sat 30-Oct-04 20:11 by yiyan
    Image text-base: 0x40008F90, data-base: 0x41B86000

    ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
    BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2,
    RELEASE SOFTWA
    RE (fc1)

    ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes
    Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36
    minutes
    System returned to ROM by power-on (SP by reload)
    System restarted at 15:26:57 EST Sun Oct 9 2005
    System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

    cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K
    bytes of mem
    ory.
    Processor board ID SCA052900B1
    R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3
    Cache
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    9 Virtual Ethernet/IEEE 802.3 interface(s)
    144 FastEthernet/IEEE 802.3 interface(s)
    20 Gigabit Ethernet/IEEE 802.3 interface(s)
    381K bytes of non-volatile configuration memory.

    16384K bytes of Flash internal SIMM (Sector size 512K).
    Standby is up
    Standby has 227328K/34816K bytes of memory.

    Configuration register is 0x2102
    Dustin, Oct 20, 2005
    #10
  11. Dustin

    Merv Guest

    I agree with you that config register looks okay.

    I would open a case with the Cisco TAC.
    Merv, Oct 20, 2005
    #11
  12. Re: Mac Move feature not supported (6509 with dual sup 1 and IOS12.1)

    Dustin wrote:

    > I just took over admin duties for my new employer a few weeks ago. My
    > third week on the job we had some issues that may have been caused by a
    > security compromise from my predecessor. We had to manually recover
    > the passwords on all of our network devices (about twenty switched, six
    > routers, two pix, and one vpn concentrator). I have been pouring over
    > the pix configs and feel comfortable with them. We have also setup
    > ACLs for network management of the devices. Now, I am worried about
    > our big iron switch, the 6509. Whenever I do a "show running-config"
    > or a "write memory" or a "write net ...", I get this message, "Mac Move
    > feature not supported." There is nothing obvious in the configuration.
    > I have seen nothing of this error, relating to Cisco devices, on the
    > groups or Google.
    >
    > Any ideas?
    >
    > I am worried that it is a manual MAC address problem that was used in
    > the possible security breach. There was a server whose network card
    > stopped functioning properly, and I am thinking there may be no problem
    > with the NIC... it is the switch and some MAC specific configuration...
    > but, like I said, there is nothing obvious in the configs.
    >
    >
    > Thanks,
    > Dustin A. Dortch
    >


    Hi Dustin

    It seem's that the "mac-address-table notification mac-move" is in your config and the Cat doesn't support it with the
    actual IOS. Remove the statement in the config or upgrade. :)
    Actually it's an interesting security feature which should notify you if a MAC address seems to flip between two ports,
    which is not usual, unless you have roaming users, for example with WLAN notebooks or so. For more details please check:
    http://www.cisco.com/en/US/products..._guide_chapter09186a008007e70d.html#wp1079180


    --

    Best Regards

    Roberto Giana


    _____________________________________________________


    Giana Roberto Consulting - GiaRoCo
    https://www.giaroco.ch/

    _____________________________________________________
    Roberto Giana, Oct 20, 2005
    #12
  13. Dustin

    Dustin Guest

    Thanks for the idea. It is not in the config, however. I get the
    message anytime I show the running-config, or write the running-config
    to nvram or tftp, or whenever I `show mac-address-table notification
    mac-move`. It is nowhere to be found in the config. The only thing I
    am now suspicious of is spanning-tree portfast stuff. Could that
    possibly be doing it?

    Thanks,
    Dustin
    Dustin, Oct 20, 2005
    #13
  14. Dustin

    Guest

    Is it in the config if you tftp the
    running, and what the heck, the startup too
    off to a PC?

    Maybe it is in there but IOS can't display it 'cos,
    .... have a guess.

    It might be that it will go away if you tftp config off
    remove ofending command if present
    and then on again to startup.

    You will need a backout plan and if it is not actually affecting
    anything why take the risk?
    , Oct 20, 2005
    #14
  15. Dustin

    Dustin Guest

    I had thought about that, and I examined in after copying it off via
    tftp. It is not in there either. It is really starting to bother me.
    I may just reload the switch tonight. I have to recover a password on
    a router, anyway.
    Dustin, Oct 20, 2005
    #15
  16. Re: Mac Move feature not supported (6509 with dual sup 1 and IOS12.1)

    wrote:
    > Is it in the config if you tftp the
    > running, and what the heck, the startup too
    > off to a PC?
    >
    > Maybe it is in there but IOS can't display it 'cos,
    > ... have a guess.
    >
    > It might be that it will go away if you tftp config off
    > remove ofending command if present
    > and then on again to startup.
    >
    > You will need a backout plan and if it is not actually affecting
    > anything why take the risk?
    >


    Jep.. Maybee IOS doesn't display the feature because it's not supported, as it's writing on the console? :)

    Dustin: Did you allready try to enter "no mac-address-table notification mac-move" in the config? Maybe it reverts the
    feature in the running config.

    BTW: Your IOS version 12.1(23)E2 is listed as deferred. I would suggest to upgrade at least to 12.1(23)E4. But keep in
    mind the flash and memory requirements.

    Regarding your message I would suggest to have a detailed look at bug-id CSCee40403 at Cisco. Your IOS is also listed as
    affected. It says that your and former releases did a traceback when issuing the "show mac-addre..." command and that
    they "fixed" it by removing the feature and showing the message you read.

    In my opinion your predecessor maybe tried to configure that feature and got also the same command and reverted it. That
    might be why you can't see it anymore. But some part of the IOS in the Cat still remembers it. Had already similar
    problems. The only way to make the Cat forget about that command was/might be to boot it. Had already a situation where
    such a thing could only be solved by powercycling the box.
    It's been a long time since where I stopped to ask about "Why?" or "How come?" when working with Cisco... ;-)



    --

    Best Regards

    Roberto Giana


    _____________________________________________________


    Giana Roberto Consulting - GiaRoCo
    https://www.giaroco.ch/

    _____________________________________________________
    Roberto Giana, Oct 20, 2005
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thomas Novin
    Replies:
    6
    Views:
    9,163
    Sam Wilson
    Nov 14, 2003
  2. netman42
    Replies:
    7
    Views:
    6,383
    Chris Thomas
    Apr 19, 2004
  3. NNTP
    Replies:
    1
    Views:
    2,431
    Ivan Ostres
    Jul 28, 2004
  4. thebighere

    question on power 6509 sup 720

    thebighere, May 9, 2005, in forum: Cisco
    Replies:
    2
    Views:
    1,562
    Andrey Tarasov
    May 10, 2005
  5. Brian V
    Replies:
    1
    Views:
    868
    John Taylor
    Dec 4, 2006
Loading...

Share This Page