Hi All
I noticed a strange things regarding some access port on a 3550 switch.
I see two mac-address when I issue "sh mac-address-table " command, but the only connected resource is a server ! The first mac is the one of the server interface, the second has the same vendor code but does not correspond to any of server's mac address...
Has anyone ever happened a things like that ??
Regards
Giuseppe
Could be a virtual IP address with some kind of generated mac. When you do a show arp on the router with an | include , what IP does it show? Same IP or different IP? I'd then start looking from there.
Do you have some type of teaming setup? 1 could be the virtual, the other the physical.
Hi
No IP associated with the second MAC address...
Regards
Giuseppe
Trendkill ha scritto:
The problem is that I don't manage the server. The guy who manage the server says that there is no teaming, I have the output output of ifconfig command shows alla mac address and the second mac is not in the list of interfaces mac address...
Regards
Giuseppe
Brian V ha scritto:
Is it a VM server? Could be a mgmt interface. But since there is no IP, it isn't going anywhere in the network...probably nothing to worry about.
Giuseppe schrieb:
Perhaps the server has one of those newer Intel boards with firmware based remote management features. ISTR they implement that through a separate MAC address.
HTH T.
Tilman,
Is that a routable service/function (first time I've heard of it)? That may be the answer if its some kind of local management only, or has some kind of local function. If it doesn't have an IP in the router arp table though, it can't be anything that is routable. Unless of course it is for something that needs to be routable, but isn't configured, and still happens to be sending frames for some unknown reason.
You could mirror the port and run tcpdump/wireshark against it and see if there's any content to the frames.
It is using TCP/IP, yes. But it won't be configured with an IP address by default, so it may be sending DHCP Discover broadcast packets in order to obtain one, which would then show up in MAC forwarding tables but not in ARP tables.
I don't know too much about the details of that thingy, though, never having used it myself. The keywords to look up would be "vPro", "IAMT" (for "Intel Active Management Technology") or "IME" ("Intel Management Engine").
HTH T.
I know that the newer IBM servers have an IPMI MAC address for remote management capability on the server. So if your switch is IPMI aware, you'll see that second MAC address. The newest IBM servers have the capability of disabling this feature in the BIOS. Have your server guy try that. Otherwise there is an IBM utility to disable IPMI: brcm_fw_nic_1.0.0_windows_32-64.exe (there is a version for Linux I belive as well).
Brian
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.