LLDP Source MAC

• Previous message (by thread): Spoofer Report for NANOG for Jan 2022
• Next message (by thread): Fiber contractor in Washington state
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Came across some endpoint behavior that caused some confusion with a MAC
authentication bypass (MAB) setup, and I was wondering if this is some kind
of well known behavior.

The endpoints (Pure storage arrays) are using the expected MAC addresses,
both fixed and a “virtual” shared MAC for 99.9% of the traffic.

The one exception is that the LLDP multicasts have a random-looking source
MAC. The source MAC has the non-unique bit flipped on.

Is this a well known type of behavior? Quick Google turned up some others
noticing this in very different devices. May be more wide spread, but how
often would people notice?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220208/af3aa024/attachment.html>

• Previous message (by thread): Spoofer Report for NANOG for Jan 2022
• Next message (by thread): Fiber contractor in Washington state
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]