We have all ports with maclock protection with no dynamic entries and violation enable.
All day we have violations with invalid mac addresses detected by switch.
Macs like 00:00:00:10:12:00. or AB:00:AB:00:11:11 and many others that doesnt have a valid vendor.
What causes this violations? virus? malware? cable?
can be a switch problem? negotiation?
How can switch port detects these macs?
those MACs can occur for a number of reasons. Often some cheap vendors will not bother registering a MAC OUI and just choose one (this is usually seen in knockoff and cheap products from small vendors). Others might have registered and it's a new OUI that the switch doesn't recognize. Also it might be someone changing their mac either in an OS or driver/firmware.
the switch detects these MACs when the client sends in it's first frame. in the L2 header is the sender MAC address, which is then detected and learned on that port.
When you use maclock protection with no dynamic entries, then you need to specify the allowed mac for each port. hence any changed MAC or movement of your users or devices will trigger a violation.