I should also mention that the mystery mac addresses only exist in two VLANs on my network.
Original Message:
Sent: 11-21-2023 12:27
From: jatsb6
Subject: Switches flooded with mac learning of invalid addresses
This is what I was thinking as well; I'm just having trouble figuring out which switch it's coming from and how to stop it. I was thinking a firewall rule to capture and block anything that starts with 00:00:01:02 could help. There's nothing valid on my network in that MAC range. But I don't know if that's possible.
Original Message:
Sent: 11-20-2023 17:34
From: Olivier Benghozi
Subject: Switches flooded with mac learning of invalid addresses
Yeah, 00:00:01 is allocated to Xerox... but that would make a lot of Xerox MACs. Do you have plenty of Xerox printers? :)
Anyway, as:
- the leaf EX discovers those MACs on its uplink port (so, this MAC is the Source MAC in received Ethernet frames)
- but the uplink switch doesn't know about those MACs (so, it didn't switch such frames to the switch that learnt them)
...it might be possible to think about some kind of memory corruption / buggy JunOS somewhere (and the «00:00:01» wouldn't be meaningful at all in this case).
------------------------------
Olivier Benghozi
Original Message:
Sent: 11-20-2023 14:52
From: jmorrowCSTR
Subject: Switches flooded with mac learning of invalid addresses
00:00:01 is a Xerox OUI. The flags: 0x2001f are related to the mac being learned dynamically.
Original Message:
Sent: 11-17-2023 10:53
From: Unknown User
Subject: Switches flooded with mac learning of invalid addresses
Hello, I'm investigating a problem where I see constant mac learning on many of my access switches (EX2300 and EX3400 series). The mac addresses don't look valid to me, and they are in sequence. They are learned on the uplinks, but when I go to the core switch, which is the next hop in most cases, the core does not see any matches in the ethernet table or in the ARP table. Any ideas how to trace down where these mac addresses are originating?
Here's a sample of what I'm seeing:
@EX3400P> show ethernet-switching mac-learning-log
Fri Nov 17 15:47:50 2023 vlan_name Staff+7 mac 00:00:01:02:ee:0e was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:29:04 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:ee:0d was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:75:7c was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:96:90 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:ee:0b was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:52 2023 vlan_name Staff+7 mac 00:00:01:02:6f:b6 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:52 2023 vlan_name Staff+7 mac 00:00:01:02:03:8b was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:52 2023 vlan_name Staff+7 mac 00:00:01:02:63:18 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:52 2023 vlan_name Staff+7 mac 00:00:01:02:92:37 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:53 2023 vlan_name Staff+7 mac 00:00:01:02:fc:66 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:53 2023 vlan_name Staff+7 mac 00:00:01:02:53:b2 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:53 2023 vlan_name Staff+7 mac 00:00:01:02:ee:08 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:53 2023 vlan_name Staff+7 mac 00:00:01:02:29:02 was learned on xe-0/2/0.0 with flags: 0x2001f
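
For tracing which port such a burst arrives on, the following is an added example (not part of the original thread, and not Juniper code) that parses `show ethernet-switching mac-learning-log` output in the format shown above and reports each VLAN/interface/MAC-prefix group that learned many distinct addresses in a short window. The sample lines are constructed; the `3c:8c:93:aa:bb:01` entry, the `ge-0/0/5.0` port and the thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same format as the log excerpt above.
SAMPLE_LOG = """\
Fri Nov 17 15:47:50 2023 vlan_name Staff+7 mac 00:00:01:02:ee:0e was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:29:04 was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:51 2023 vlan_name Staff+7 mac 00:00:01:02:ee:0d was learned on xe-0/2/0.0 with flags: 0x2001f
Fri Nov 17 15:47:52 2023 vlan_name Staff+7 mac 3c:8c:93:aa:bb:01 was learned on ge-0/0/5.0 with flags: 0x2001f
Fri Nov 17 15:47:53 2023 vlan_name Staff+7 mac 00:00:01:02:fc:66 was learned on xe-0/2/0.0 with flags: 0x2001f
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) vlan_name (?P<vlan>\S+) "
    r"mac (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) was learned on (?P<ifl>\S+) "
    r"with flags: 0x[0-9a-f]+$", re.I)

def parse(log_text):
    """Yield (timestamp, vlan, mac, interface) for every well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                   m["vlan"], m["mac"].lower(), m["ifl"])

def suspects(log_text, prefix_octets=4, min_macs=3, max_seconds=60):
    """Return (vlan, interface, prefix, distinct MACs, seconds) for bursty groups."""
    groups = defaultdict(lambda: {"macs": set(), "times": []})
    for ts, vlan, mac, ifl in parse(log_text):
        g = groups[(vlan, ifl, mac[:prefix_octets * 3 - 1])]
        g["macs"].add(mac)
        g["times"].append(ts)
    out = []
    for (vlan, ifl, prefix), g in groups.items():
        span = (max(g["times"]) - min(g["times"])).total_seconds()
        if len(g["macs"]) >= min_macs and span <= max_seconds:
            out.append((vlan, ifl, prefix, len(g["macs"]), span))
    return sorted(out, key=lambda row: -row[3])  # most distinct MACs first

if __name__ == "__main__":
    for row in suspects(SAMPLE_LOG):
        print(row)
```

Running the same summary against the log from each switch along the path shows which interface the prefix is learned on at every hop.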