[Fwd:] Nvidia NICs with duplicate mac addresses

Robert D. Scott robert at ufl.edu
Fri Sep 5 12:04:37 CDT 2008

The Marvel NIC presents the MAC as what we believe to be part of dot1x
negotiation. These were new Dells out of the box, not yet infected.  If we
disable dot1x on the NIC the problem goes away.


Cisco's Recommendation: Replace the NIC

Robert D. Scott                 Robert at ufl.edu
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Receptionist
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell

-----Original Message-----
From: Jon Kibler [mailto:Jon.Kibler at aset.com] 
Sent: Friday, September 05, 2008 12:56 PM
To: nanog at nanog.org
Cc: 'Robert E. Seastrom'
Subject: Re: [Fwd:] Nvidia NICs with duplicate mac addresses

Hash: SHA1

Robert D. Scott wrote:
> Does this MAC present itself all the time, or just during boot?
> Marvel makes a NIC prevalent in some Dell systems, that presents MAC
> 0c00.0000.0000 during its startup process. If you run port security, and
> several people boot their computer within the cam table expiration period,
> port security will disable the port. You can work around it but it is time
> consuming in large networks where port security are enabled.

I know that this doesn't apply here, but a year or so ago I had a client
that had issues with port security continually dropping an end user's
PC. The problem was the MAC address kept changing from Realtek to Cisco.
Sometimes the same NIC would present both MACs at the same time.

It turned out the box was apparently infected with something. Never
could find anything specific (even when booting the Windows box from
Knoppix and scanning for unusual files) except for some large ADS files
that where apparently encrypted. A clean wipe and complete rebuild of
the box fixed the problem.

- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the NANOG mailing list