[Fwd:] Nvidia NICs with duplicate mac addresses
Robert D. Scott
robert at ufl.edu
Fri Sep 5 12:04:37 CDT 2008
The Marvel NIC presents the MAC as what we believe to be part of dot1x
negotiation. These were new Dells out of the box, not yet infected. If we
disable dot1x on the NIC the problem goes away.
Cisco's Recommendation: Replace the NIC
Robert D. Scott Robert at ufl.edu
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Receptionist
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell
From: Jon Kibler [mailto:Jon.Kibler at aset.com]
Sent: Friday, September 05, 2008 12:56 PM
To: nanog at nanog.org
Cc: 'Robert E. Seastrom'
Subject: Re: [Fwd:] Nvidia NICs with duplicate mac addresses
-----BEGIN PGP SIGNED MESSAGE-----
Robert D. Scott wrote:
> Does this MAC present itself all the time, or just during boot?
> Marvel makes a NIC prevalent in some Dell systems, that presents MAC
> 0c00.0000.0000 during its startup process. If you run port security, and
> several people boot their computer within the cam table expiration period,
> port security will disable the port. You can work around it but it is time
> consuming in large networks where port security are enabled.
I know that this doesn't apply here, but a year or so ago I had a client
that had issues with port security continually dropping an end user's
PC. The problem was the MAC address kept changing from Realtek to Cisco.
Sometimes the same NIC would present both MACs at the same time.
It turned out the box was apparently infected with something. Never
could find anything specific (even when booting the Windows box from
Knoppix and scanning for unusual files) except for some large ADS files
that where apparently encrypted. A clean wipe and complete rebuild of
the box fixed the problem.
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the NANOG