Classification: NATO UNCLASSIFIED - RELEASABLE FOR INTERNET TRANSMISSION

 

Ernie, we are looking into this.  I think it is a fantastic coincidence that we 
would get a random hex sequence that would actually spell something out.

 

We have found four ports, all with HP printers behind them, that are giving us 
the occasional gibberish MAC address.  Of course, the only way we know this is 
because we just turned on MAC locking.

 

The one repeatable symptom we found on one of these printers is, it will not 
fragment large packets.  If we send a packet over the MTU size, the ping fails. 
 We believe this is a defect in the HP printer IP stack.  It may have something 
to do with the errors we are seeing.

 

I will be putting a network analyzer on this port from the printer location to 
see what, if any, errors we find.

 

Regards,

 

 

Jesse W. Ohlsson

Engineer, Information Systems Administration

NCSA Sector Mons, Customer Services Squadron

B7010 SHAPE Belgium

tel:  +32-65-44-8518; NCN 254-8518

 

 

 

 

From: Eaton, Ernie [mailto:[email protected]] 
Sent: Monday, August 24, 2009 22:57
To: Enterasys Customer Mailing List
Subject: RE: Antwort: [enterasys] MAC Locking, strange MAC addresses from HP 
jetdirect

 

 Looks like the printer might be sending out broken frames. One of those "MAC" 
addresses has text in it: 

 

68 70 2d 50 43 4c  = hp-PCL

 

The following pkt dump came from an apple mailing lists archive

 

http://lists.apple.com/archives/rendezvous-dev/2004/Aug/msg00024.html

 

 

  0000   00 00 84 00 00 00 00 02 00 00 00 01 1d 48 4c 2d   .............HL-
  0010   31 32 37 30 4e 20 73 65 72 69 65 73 40 49 43 30   1270N series@IC0
  0020   37 39 34 63 36 5f 55 53 42 32 0f 5f 70 64 6c 2d   794c6_USB2._pdl-
  0030   64 61 74 61 73 74 72 65 61 6d 04 5f 74 63 70 05   datastream._tcp.
  0040   6c 6f 63 61 6c 00 00 21 80 01 00 00 00 3c 00 11   local..!.....<..
  0050   00 00 00 00 23 8d 08 49 43 30 37 39 34 63 36 c0   ....#..IC0794c6.
  0060   3f c0 0c 00 10 80 01 00 00 00 3c 00 d6 09 74 78   ?.........<...tx
  0070   74 76 65 72 73 3d 31 08 71 74 6f 74 61 6c 3d 31   tvers=1.qtotal=1
  0080   4a 70 64 6c 3d 61 70 70 6c 69 63 61 74 69 6f 6e   Jpdl=application
  0090   2f 70 6f 73 74 73 63 72 69 70 74 2c 61 70 70 6c   /postscript,appl
  00a0   69 63 61 74 69 6f 6e 2f 76 6e 64 2e 68 70 2d 50   ication/vnd.hp-P
  00b0   43 4c 2c 61 70 70 6c 69 63 61 74 69 6f 6e 2f 76   CL,application/v
  00c0   6e 64 2e 68 70 2d 50 43 4c 58 4c 12 74 79 3d 48   nd.hp-PCLXL.ty=H
  00d0   4c 2d 31 32 37 30 4e 20 73 65 72 69 65 73 21 70   L-1270N series!p
  00e0   72 6f 64 75 63 74 3d 28 42 72 6f 74 68 65 72 20   roduct=(Brother 
  00f0   48 4c 2d 31 32 37 30 4e 20 73 65 72 69 65 73 29   HL-1270N series)
  0100   0b 70 72 69 6f 72 69 74 79 3d 32 30 1f 61 64 6d   .priority=20.adm
  0110   69 6e 75 72 6c 3d 68 74 74 70 3a 2f 2f 49 43 30   inurl=http://IC0
  0120   37 39 34 63 36 2e 6c 6f 63 61 6c 2e 0d 54 72 61   794c6.local..Tra
  0130   6e 73 70 61 72 65 6e 74 3d 54 08 42 69 6e 61 72   nsparent=T.Binar
  0140   79 3d 54 c0 56 00 01 80 01 00 00 00 3c 00 04 a9   y=T.V.......<...
  0150   fe 5c e
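
[Added example, not part of the original thread and not written by any of its participants.] A triage helper for the check described in the message above: decode each violating "MAC" as ASCII and search a captured payload for the same six bytes. The payload is the 0x0080-0x00cf excerpt of the dump quoted above; the function names and the verdict labels are assumptions made for this illustration.

```python
import re

# Excerpt of the packet dump quoted above, offsets 0x0080-0x00cf (copied from the page).
DUMP_BASE = 0x80
DUMP_EXCERPT = bytes.fromhex(
    "4a70646c3d6170706c69636174696f6e"
    "2f706f73747363726970742c6170706c"
    "69636174696f6e2f766e642e68702d50"
    "434c2c6170706c69636174696f6e2f76"
    "6e642e68702d50434c584c1274793d48"
)

# The two MAC Lock violation addresses reported in the thread.
VIOLATIONS = ["2C 00 1B 78 EC 0B", "68 70 2D 50 43 4C"]


def parse_mac(text):
    """Accept space-, colon-, dash- or dot-separated hex and return 6 raw bytes."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def as_text(mac):
    """Return the ASCII reading if every byte is printable, else None."""
    return mac.decode("ascii") if all(0x20 <= b <= 0x7E for b in mac) else None


def payload_offsets(mac, payload, base=0):
    """Every offset at which the 6 MAC bytes occur inside a captured payload."""
    hits, i = [], payload.find(mac)
    while i != -1:
        hits.append(base + i)
        i = payload.find(mac, i + 1)
    return hits


def triage(violations, payload, base=0):
    """Label each address (labels are this example's own): payload text or unexplained."""
    report = {}
    for text in violations:
        mac = parse_mac(text)
        ascii_form, hits = as_text(mac), payload_offsets(mac, payload, base)
        verdict = "payload-text" if ascii_form and hits else "unexplained"
        report[text] = (verdict, ascii_form, hits)
    return report


if __name__ == "__main__":
    for mac, (verdict, text, hits) in triage(VIOLATIONS, DUMP_EXCERPT, DUMP_BASE).items():
        print(mac, verdict, text, [hex(h) for h in hits])
```

An address labelled "unexplained" is one this check cannot account for from the sample payload; it still needs a capture taken on the port itself.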

 

 

From: [email protected] [mailto:[email protected]] 
Sent: Monday, August 24, 2009 10:52 AM
To: Enterasys Customer Mailing List
Subject: RE: Antwort: [enterasys] MAC Locking, strange MAC addresses from HP 
jetdirect

 

Classification: NATO UNCLASSIFIED - RELEASABLE FOR INTERNET TRANSMISSION

 

We've got a few A2s, but mostly 7H4284-49 DFE Platinum blades.

 

We have maclock first-arrival set to zero.  Each host is added as a static MAC 
entry for the port it is on.  We did this by first learning the MAC addresses, 
then moving all dynamic entries to static entries.  Then, we set the 
first-arrival on all ports to zero.

 

The switches are performing exactly as expected.

 

I am just curious if anyone else has seen these wild MAC addresses from HP 
printers and would like to confirm if it is the other network protocols that 
are active on the printer that causes it.  In the meantime, we will see if our 
admins can shut down all unnecessary protocols on all printers.

 

The goal here is to eliminate the false MAC Lock Violations.

 

Regards,

 

 

Jesse W. Ohlsson

Engineer, Information Systems Administration

NCSA Sector Mons, Customer Services Squadron

B7010 SHAPE Belgium

tel:  +32-65-44-8518; NCN 254-8518

 

 

 

 

From: [email protected] [mailto:[email protected]] 
Sent: Monday, August 24, 2009 15:41
To: Enterasys Customer Mailing List
Subject: Antwort: [enterasys] MAC Locking, strange MAC addresses from HP 
jetdirect

 


Hi, 

What switch type do you use? 
On our N3 and A2 nothing like this, but our configuration is only maclock 
first arrival....

Cu

Christian Janßen
EK-T-SIT 
Telephone +49 2151 38-4711
Fax +49 2151 38-3941
[email protected] 

Evonik Stockhausen GmbH
Bäkerpfad 25
47805 Krefeld
www.evonik.com <http://www.evonik.com/> 

Chairman of the Supervisory Board: Dr. Claus Rettig
Management: Dr. Johannes Ohmer (Spokesman), Willibrord Lampen

Registered office: Krefeld
Court of registration: Krefeld District Court; Commercial Register HRB 5791


<[email protected]> 
24.08.2009 14:07 
Please reply to: [email protected]
To: "Enterasys Customer Mailing List" <[email protected]> 
Cc:
Subject: [enterasys] MAC Locking, strange MAC addresses from HP jetdirect

 

                




Classification: NATO UNCLASSIFIED - RELEASABLE FOR INTERNET TRANSMISSION 

Hello, 

We just engaged MAC locking across our whole network.  We have seen a few 
strange MAC Lock violations from ports with HP Jetdirect printers connected to 
them. 

Here are the strange MAC addresses we got as violations: 

2C 00 1B 78 EC 0B 

68 70 2D 50 43 4C 

These addresses do not decode to any known manufacturer and are not the MAC 
addresses of the jetdirect cards. 

I think they are generated on IPX/SPX, or perhaps AppleTalk, which IS enabled 
unnecessarily on these printers. 

Has anyone else seen HP printers throw weird MAC addresses like this? 

Jesse W. Ohlsson 

Engineer, Information Systems Administration 

NCSA Sector Mons, Customer Services Squadron 

B7010 SHAPE Belgium 

tel:  +32-65-44-8518; NCN 254-8518 

*       --To unsubscribe from enterasys, send email to [email protected] with 
the body: unsubscribe enterasys [email protected] 
