multiple mac-address on access port (with only one server connected)

Discussion in 'Cisco' started by Giuseppe, Dec 14, 2007.

  1. Giuseppe

    Giuseppe Guest

    Hi All

    I noticed a strange things regarding some access port on a 3550 switch.

    I see two mac-address when I issue "sh mac-address-table <IF>" command,
    but the only connected resource is a server ! The first mac is the one
    of the server interface, the second has the same vendor code but does
    not correspond to any of server's mac address...

    Has anyone ever happened a things like that ??


    Giuseppe, Dec 14, 2007
    1. Advertisements

  2. Giuseppe

    Trendkill Guest

    Could be a virtual IP address with some kind of generated mac. When
    you do a show arp on the router with an | include <mac>, what IP does
    it show? Same IP or different IP? I'd then start looking from there.
    Trendkill, Dec 14, 2007
    1. Advertisements

  3. Giuseppe

    Brian V Guest

    Do you have some type of teaming setup? 1 could be the virtual, the other
    the physical.
    Brian V, Dec 14, 2007
  4. Giuseppe

    Giuseppe Guest


    No IP associated with the second MAC address...



    Trendkill ha scritto:
    Giuseppe, Dec 14, 2007
  5. Giuseppe

    Giuseppe Guest

    The problem is that I don't manage the server. The guy who manage the
    server says that there is no teaming, I have the output output of
    ifconfig command shows alla mac address and the second mac is not in the
    list of interfaces mac address...



    Brian V ha scritto:
    Giuseppe, Dec 14, 2007
  6. Giuseppe

    Trendkill Guest

    Is it a VM server? Could be a mgmt interface. But since there is no
    IP, it isn't going anywhere in the network...probably nothing to worry
    Trendkill, Dec 14, 2007
  7. Perhaps the server has one of those newer Intel boards with firmware
    based remote management features. ISTR they implement that through a
    separate MAC address.

    Tilman Schmidt, Dec 17, 2007
  8. Giuseppe

    Trendkill Guest


    Is that a routable service/function (first time I've heard of it)?
    That may be the answer if its some kind of local management only, or
    has some kind of local function. If it doesn't have an IP in the
    router arp table though, it can't be anything that is routable.
    Unless of course it is for something that needs to be routable, but
    isn't configured, and still happens to be sending frames for some
    unknown reason.
    Trendkill, Dec 17, 2007
  9. Giuseppe

    alexd Guest

    You could mirror the port and run tcpdump/wireshark against it and see if
    there's any content to the frames.
    alexd, Dec 17, 2007
  10. It is using TCP/IP, yes. But it won't be configured with an IP address
    by default, so it may be sending DHCP Discover broadcast packets in
    order to obtain one, which would then show up in MAC forwarding tables
    but not in ARP tables.

    I don't know too much about the details of that thingy, though, never
    having used it myself. The keywords to look up would be "vPro", "IAMT"
    (for "Intel Active Management Technology") or "IME" ("Intel Management

    Tilman Schmidt, Dec 18, 2007
  11. Giuseppe

    bhanley72 Guest

    I know that the newer IBM servers have an IPMI MAC address for remote
    management capability on the server. So if your switch is IPMI aware,
    you'll see that second MAC address. The newest IBM servers have the
    capability of disabling this feature in the BIOS. Have your server guy
    try that. Otherwise there is an IBM utility to disable IPMI:
    brcm_fw_nic_1.0.0_windows_32-64.exe (there is a version for Linux I
    belive as well).

    bhanley72, Jan 3, 2008
  12. Giuseppe

    jlebourne Guest

    jlebourne, Feb 13, 2014
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.