Message Code | PIX-4-412001 |
Severity | Warning |
Description | MAC MAC_address moved from interface_1 to interface_2 |
Explanation | This message is generated when a host move is detected from one module interface to another. In a transparent Cisco ASA , mapping between the host (MAC) and Cisco ASA port is maintained in a Layer 2 forwarding table. The table dynamically binds packet source MAC addresses to a Cisco ASA port. In this process, whenever movement of a host from one interface to another interface is detected, this message is generated. |
User Action | The host move might be valid or the host move might be an attempt to spoof host MACs on other interfaces. If it is a MAC spoof attempt, you can either locate vulnerable hosts on your network and remove them or configure static MAC entries, which will not allow MAC address and port binding to change. If it is a genuine host move, no action is required. |
Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.