This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Maclock Violation by Invalid Mac Address

Maclock Violation by Invalid Mac Address

Diogo_Rocha1
New Contributor II

‎08-10-2017 04:50 PM

We have all ports with maclock protection with no dynamic entries and violation enable.
All day we have violations with invalid mac addresses detected by switch.
Macs like 00:00:00:10:12:00. or AB:00:AB:00:11:11 and many others that doesnt have a valid vendor.
What causes this violations? virus? malware? cable?
can be a switch problem? negotiation?
How can switch port detects these macs?

Switchs Enterasys B5.

Tks for help.

2 REPLIES 2

Naoman_Ghani
New Contributor

‎11-01-2017 07:10 PM

We have seen this on ports where either the device NIC was defective or cabling was damaged.

We use maclock firstarrival to limit the number of mac addresses per port.

Also, we use macauth with radius server having a list of all MAC addresses and the vlans they are supposed to be assigned. Unknown mac addresses are put in an untrusted vlan.

0 Kudos

Matthew_Hum
Contributor

‎08-26-2017 04:17 PM

those MACs can occur for a number of reasons. Often some cheap vendors will not bother registering a MAC OUI and just choose one (this is usually seen in knockoff and cheap products from small vendors). Others might have registered and it's a new OUI that the switch doesn't recognize. Also it might be someone changing their mac either in an OS or driver/firmware.

the switch detects these MACs when the client sends in it's first frame. in the L2 header is the sender MAC address, which is then detected and learned on that port.

When you use maclock protection with no dynamic entries, then you need to specify the allowed mac for each port. hence any changed MAC or movement of your users or devices will trigger a violation.
0 Kudos
GTM-P2G8KFN