1. Home
  2. Cisco Systems
  3. Mac Move feature not supported (6509 with dual sup 1 and IOS 12.1)

Mac Move feature not supported (6509 with dual sup 1 and IOS 12.1)

I just took over admin duties for my new employer a few weeks ago. My third week on the job we had some issues that may have been caused by a security compromise from my predecessor. We had to manually recover the passwords on all of our network devices (about twenty switched, six routers, two pix, and one vpn concentrator). I have been pouring over the pix configs and feel comfortable with them. We have also setup ACLs for network management of the devices. Now, I am worried about our big iron switch, the 6509. Whenever I do a "show running-config" or a "write memory" or a "write net ...", I get this message, "Mac Move feature not supported." There is nothing obvious in the configuration. I have seen nothing of this error, relating to Cisco devices, on the groups or Google.

Any ideas?

I am worried that it is a manual MAC address problem that was used in the possible security breach. There was a server whose network card stopped functioning properly, and I am thinking there may be no problem with the NIC... it is the switch and some MAC specific configuration... but, like I said, there is nothing obvious in the configs.

Thanks, Dustin A. Dortch

Reply to
Dustin
Loading thread data ...

are you running native or hybrid mode ?

Are these error messages occurring under IOS or CATOS?

Reply to
Merv

what does the following command display:

show mac-address-table notification mac-move

Reply to
Merv

It returns:

Mac Move feature not supported

Also, this is IOS.

Reply to
Dustin

It returns:

Mac Move feature not supported

Also, this is IOS.

Reply to
Dustin

Does the wri mem complete or does it just fail with the eoor message that you posted?

if not you should capture the current config onto a PC

Reply to
Merv

It completese fine.

Reply to
Dustin

Did you change something in the config so that you can see that it has canged if you do a show startup-config ???

What is the configuration value setting ? Post the output of show version

Reply to
Merv

configuration register is 0x2102. The startup-config is identical to my running-config. Everything looks good in show version:

switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/30 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/31 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/32 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/33 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/34 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/35 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/36 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/37 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/38 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/39 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/40 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/41 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/42 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/43 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/44 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/45 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/46 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/47 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/48 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface Vlan1 ip address 192.168.253.249 255.255.255.0 ipx network DCC6320 encapsulation SAP ! interface Vlan2 no ip address ! interface Vlan3 no ip address ! interface Vlan4 no ip address lan-name Building ! interface Vlan5 ip address 192.168.10.253 255.255.255.0 secondary ip address 192.168.10.36 255.255.255.0 no ip redirects ipx network DD8022A encapsulation SAP ! interface Vlan100 ip address 192.168.105.254 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan110 ip address 192.168.110.1 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan111 ip address 192.168.168.254 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan112 ip address 192.168.160.1 255.255.255.0 ip helper-address 192.168.10.42 ! router rip network 192.168.10.0 network 192.168.105.0 network 192.168.160.0 network 192.168.168.0 network 192.168.253.0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.10.50 ip route 10.1.0.0 255.255.0.0 192.168.10.6 ip route 10.100.1.0 255.255.255.0 192.168.10.50 ip route 10.100.2.0 255.255.255.0 192.168.10.6 ip route 10.147.0.0 255.255.0.0 192.168.10.252 ip route 10.150.1.0 255.255.255.0 192.168.10.252 ip route 67.72.159.0 255.255.255.0 192.168.253.254 ip route 172.20.0.0 255.255.0.0 192.168.10.252 ip route 172.25.0.0 255.255.0.0 192.168.10.252 ip route 172.30.1.0 255.255.255.0 192.168.10.6 ip route 192.168.15.0 255.255.255.0 192.168.10.252 ip route 192.168.17.0 255.255.255.0 192.168.10.252 ip route 192.168.28.0 255.255.255.0 192.168.10.6 ip route 192.168.95.0 255.255.255.0 192.168.253.95 ip route 192.168.105.0 255.255.255.0 Vlan100 ip route 192.168.175.0 255.255.255.0 192.168.253.175 no ip http server ! logging facility local5 logging 192.168.10.7 logging 192.168.10.13 access-list 1 permit 192.168.10.28 log snmp-server community DDILookout RO 1 snmp-server community DDIEnforce RW 1 snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart snmp-server enable traps chassis snmp-server enable traps module snmp-server enable traps casa snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps slb real virtual csrp snmp-server enable traps hsrp snmp-server enable traps entity snmp-server enable traps config-copy snmp-server enable traps fru-ctrl snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps bridge snmp-server enable traps stpx snmp-server enable traps flash insertion removal snmp-server enable traps rf snmp-server enable traps bgp snmp-server enable traps rsvp snmp-server enable traps frame-relay snmp-server enable traps syslog snmp-server enable traps rtr snmp-server enable traps dlsw snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps srp snmp-server enable traps sonet ! ! ! ! ! line con 0 exec-timeout 0 0 password 7 112C1A0D18465D390A232D2B3A3E login line vty 0 4 access-class 1 in password 7 03215803095B777940001F0A051F login transport input telnet ! ntp clock-period 17179782 ntp server 192.168.10.7 prefer ! end

ddi-6509#sh version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1) Technical Support:

formatting link
(c) 1986-2004 by cisco Systems, Inc. Compiled Sat 30-Oct-04 20:11 by yiyan Image text-base: 0x40008F90, data-base: 0x41B86000

ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1)

ddi-6509 uptime is 1 week, 3 days, 19 hours, 36 minutes Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 35 minutes System returned to ROM by power-on (SP by reload) System restarted at 15:26:57 EST Sun Oct 9 2005 System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K bytes of mem ory. Processor board ID SCA052900B1 R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software.

9 Virtual Ethernet/IEEE 802.3 interface(s) 144 FastEthernet/IEEE 802.3 interface(s) 20 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K). Standby is up Standby has 227328K/34816K bytes of memory.

Configuration register is 0x2102

ddi-6509#sh version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1) Technical Support:

formatting link
(c) 1986-2004 by cisco Systems, Inc. Compiled Sat 30-Oct-04 20:11 by yiyan Image text-base: 0x40008F90, data-base: 0x41B86000

ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1)

ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36 minutes System returned to ROM by power-on (SP by reload) System restarted at 15:26:57 EST Sun Oct 9 2005 System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K bytes of mem ory. Processor board ID SCA052900B1 R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. switchport mode access spanning-tree portfast ! interface FastEthernet9/32 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/33 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/34 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/35 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/36 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/37 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/38 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/39 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/40 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/41 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/42 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/43 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/44 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/45 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/46 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/47 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface FastEthernet9/48 switchport switchport access vlan 5 switchport mode access spanning-tree portfast ! interface Vlan1 ip address 192.168.253.249 255.255.255.0 ipx network DCC6320 encapsulation SAP ! interface Vlan2 no ip address ! interface Vlan3 no ip address ! interface Vlan4 no ip address lan-name Building ! interface Vlan5 ip address 192.168.10.253 255.255.255.0 secondary ip address 192.168.10.36 255.255.255.0 no ip redirects ipx network DD8022A encapsulation SAP ! interface Vlan100 ip address 192.168.105.254 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan110 ip address 192.168.110.1 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan111 ip address 192.168.168.254 255.255.255.0 ip helper-address 192.168.10.42 ! interface Vlan112 ip address 192.168.160.1 255.255.255.0 ip helper-address 192.168.10.42 ! router rip network 192.168.10.0 network 192.168.105.0 network 192.168.160.0 network 192.168.168.0 network 192.168.253.0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.10.50 ip route 10.1.0.0 255.255.0.0 192.168.10.6 ip route 10.100.1.0 255.255.255.0 192.168.10.50 ip route 10.100.2.0 255.255.255.0 192.168.10.6 ip route 10.147.0.0 255.255.0.0 192.168.10.252 ip route 10.150.1.0 255.255.255.0 192.168.10.252 ip route 67.72.159.0 255.255.255.0 192.168.253.254 ip route 172.20.0.0 255.255.0.0 192.168.10.252 ip route 172.25.0.0 255.255.0.0 192.168.10.252 ip route 172.30.1.0 255.255.255.0 192.168.10.6 ip route 192.168.15.0 255.255.255.0 192.168.10.252 ip route 192.168.17.0 255.255.255.0 192.168.10.252 ip route 192.168.28.0 255.255.255.0 192.168.10.6 ip route 192.168.95.0 255.255.255.0 192.168.253.95 ip route 192.168.105.0 255.255.255.0 Vlan100 ip route 192.168.175.0 255.255.255.0 192.168.253.175 no ip http server ! logging facility local5 logging 192.168.10.7 logging 192.168.10.13 access-list 1 permit 192.168.10.28 log snmp-server community DDILookout RO 1 snmp-server community DDIEnforce RW 1 snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart snmp-server enable traps chassis snmp-server enable traps module snmp-server enable traps casa snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps slb real virtual csrp snmp-server enable traps hsrp snmp-server enable traps entity snmp-server enable traps config-copy snmp-server enable traps fru-ctrl snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd snmp-server enable traps envmon fan shutdown supply temperature status snmp-server enable traps bridge snmp-server enable traps stpx snmp-server enable traps flash insertion removal snmp-server enable traps rf snmp-server enable traps bgp snmp-server enable traps rsvp snmp-server enable traps frame-relay snmp-server enable traps syslog snmp-server enable traps rtr snmp-server enable traps dlsw snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps srp snmp-server enable traps sonet ! ! ! ! ! line con 0 exec-timeout 0 0 password 7 112C1A0D18465D390A232D2B3A3E login line vty 0 4 access-class 1 in password 7 03215803095B777940001F0A051F login transport input telnet ! ntp clock-period 17179782 ntp server 192.168.10.7 prefer ! end

ddi-6509#sh version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1) Technical Support:

formatting link
(c) 1986-2004 by cisco Systems, Inc. Compiled Sat 30-Oct-04 20:11 by yiyan Image text-base: 0x40008F90, data-base: 0x41B86000

ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1)

ddi-6509 uptime is 1 week, 3 days, 19 hours, 36 minutes Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 35 minutes System returned to ROM by power-on (SP by reload) System restarted at 15:26:57 EST Sun Oct 9 2005 System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K bytes of mem ory. Processor board ID SCA052900B1 R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software.

9 Virtual Ethernet/IEEE 802.3 interface(s) 144 FastEthernet/IEEE 802.3 interface(s) 20 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K). Standby is up Standby has 227328K/34816K bytes of memory.

Configuration register is 0x2102

ddi-6509#sh version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1) Technical Support:

formatting link
(c) 1986-2004 by cisco Systems, Inc. Compiled Sat 30-Oct-04 20:11 by yiyan Image text-base: 0x40008F90, data-base: 0x41B86000

ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1)

ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36 minutes System returned to ROM by power-on (SP by reload) System restarted at 15:26:57 EST Sun Oct 9 2005 System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K bytes of mem ory. Processor board ID SCA052900B1 R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software.

9 Virtual Ethernet/IEEE 802.3 interface(s) 144 FastEthernet/IEEE 802.3 interface(s) 20 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K). Standby is up Standby has 227328K/34816K bytes of memory.

Configuration register is 0x2102

Reply to
Dustin

sorry about that... somehow my clipboard grabbed all of that, and I did not notice that I pasted that all. For clarity, here it is, by itself:

ddi-6509#sh version Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1) Technical Support:

formatting link
(c) 1986-2004 by cisco Systems, Inc. Compiled Sat 30-Oct-04 20:11 by yiyan Image text-base: 0x40008F90, data-base: 0x41B86000

ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1) BOOTLDR: c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(23)E2, RELEASE SOFTWA RE (fc1)

ddi-6509 uptime is 1 week, 3 days, 19 hours, 37 minutes Time since ddi-6509 switched to active is 1 week, 3 days, 19 hours, 36 minutes System returned to ROM by power-on (SP by reload) System restarted at 15:26:57 EST Sun Oct 9 2005 System image file is "slot0:c6sup12-js-mz.121-23.E2.bin"

cisco WS-C6009 (R7000) processor (revision 2.0) with 112640K/18432K bytes of mem ory. Processor board ID SCA052900B1 R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software.

9 Virtual Ethernet/IEEE 802.3 interface(s) 144 FastEthernet/IEEE 802.3 interface(s) 20 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K). Standby is up Standby has 227328K/34816K bytes of memory.

Configuration register is 0x2102

Reply to
Dustin

I agree with you that config register looks okay.

I would open a case with the Cisco TAC.

Reply to
Merv

Hi Dustin

It seem's that the "mac-address-table notification mac-move" is in your config and the Cat doesn't support it with the actual IOS. Remove the statement in the config or upgrade. :-) Actually it's an interesting security feature which should notify you if a MAC address seems to flip between two ports, which is not usual, unless you have roaming users, for example with WLAN notebooks or so. For more details please check:

formatting link

Reply to
Roberto Giana

Thanks for the idea. It is not in the config, however. I get the message anytime I show the running-config, or write the running-config to nvram or tftp, or whenever I `show mac-address-table notification mac-move`. It is nowhere to be found in the config. The only thing I am now suspicious of is spanning-tree portfast stuff. Could that possibly be doing it?

Thanks, Dustin

Reply to
Dustin

Is it in the config if you tftp the running, and what the heck, the startup too off to a PC?

Maybe it is in there but IOS can't display it 'cos, ... have a guess.

It might be that it will go away if you tftp config off remove ofending command if present and then on again to startup.

You will need a backout plan and if it is not actually affecting anything why take the risk?

Reply to
anybody43

I had thought about that, and I examined in after copying it off via tftp. It is not in there either. It is really starting to bother me. I may just reload the switch tonight. I have to recover a password on a router, anyway.

Reply to
Dustin

Jep.. Maybee IOS doesn't display the feature because it's not supported, as it's writing on the console? :-)

Dustin: Did you allready try to enter "no mac-address-table notification mac-move" in the config? Maybe it reverts the feature in the running config.

BTW: Your IOS version 12.1(23)E2 is listed as deferred. I would suggest to upgrade at least to 12.1(23)E4. But keep in mind the flash and memory requirements.

Regarding your message I would suggest to have a detailed look at bug-id CSCee40403 at Cisco. Your IOS is also listed as affected. It says that your and former releases did a traceback when issuing the "show mac-addre..." command and that they "fixed" it by removing the feature and showing the message you read.

In my opinion your predecessor maybe tried to configure that feature and got also the same command and reverted it. That might be why you can't see it anymore. But some part of the IOS in the Cat still remembers it. Had already similar problems. The only way to make the Cat forget about that command was/might be to boot it. Had already a situation where such a thing could only be solved by powercycling the box. It's been a long time since where I stopped to ask about "Why?" or "How come?" when working with Cisco... ;-)

Reply to
Roberto Giana

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.