Yosefw
Explorer
May 13, 2025
Question

FortiSwitch blocking MAC addresses with unidentified OUI


Hi,

I have experienced a very interesting problem.

I had a network device that was working fine when connected to using a computer or when connected via the FortiGate; however, when connecting via the FortiSwitch it would not work and the FortiSwitch would not even learn the MAC address (the interface was showing up and STP was changed to forwarding state properly).

After a long time of troubleshooting I found that the MAC address on that network device could not be found in any OUI database. The manufacturer created a new firmware that corrected the MAC address and I was able to then use it via the FortiSwitch.

I'm trying to understand why the FortiSwitch was blocking it and if there is a log or something where I could've seen it getting blocked. I was unable to find any relevant documentation. I'm not using any special security (no NAC, 802.1x authentication, etc.).

Using FortiSwitch 148f-f with firmware 7.6.0

2 replies

GabrSoar
New Member
May 14, 2025

Hi! Can you let me know which device it was?

Yosefw (Author)
Explorer
May 14, 2025

My company hired a 3rd party company to manufacture a device for us so it's something custom.
A hint to explain (maybe) what happened is that the MAC address that didn't work over the FortiSwitch started with A3 (10100011 in binary).
So a multicast and a locally administered address.

The question is how in the future I can see it easily on the FortiSwitch / confirm this is the problem?

ebilcari
Staff
May 30, 2025

I think this should be the standard behavior for all switches; it cannot learn a multicast MAC on a port and should drop the traffic.

I cannot test it at the moment, but I guess this event will be created: 'Corrupt MAC packet detected'.

Emirjon
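
The first-octet check discussed in the two replies above, as an added example that is not part of the original thread: it decodes the I/G (multicast) and U/L (locally administered) bits of a device's own MAC so a bad address can be caught before the device is plugged into a switch. The function names and every address in `INVENTORY` are constructed for illustration; only the leading `A3` octet comes from the thread.

```python
import re

def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or bare hex."""
    digits = re.sub(r"[:.\-\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_source_mac(text):
    """Decode the two flag bits in the first octet of a device's own MAC."""
    mac = parse_mac(text)
    first = mac[0]
    multicast = bool(first & 0x01)  # I/G bit (least significant): 1 = group address
    local = bool(first & 0x02)      # U/L bit: 1 = locally administered
    return {
        "mac": mac.hex(":"),
        "first_octet_bits": format(first, "08b"),
        "multicast": multicast,
        "locally_administered": local,
        # A locally administered address carries no IEEE-assigned OUI,
        # so a vendor database lookup is not expected to match.
        "oui_lookup_meaningful": not local,
        # A group address is only valid as a destination, never as the
        # source address a switch would learn on a port.
        "usable_as_source": not multicast,
    }

def audit_inventory(macs):
    """Return the normalised MACs that must not be used as a device address."""
    return [r["mac"] for r in map(classify_source_mac, macs)
            if not r["usable_as_source"]]

# Constructed sample inventory (not real devices).
INVENTORY = [
    "A3:12:34:56:78:9A",   # first octet from the thread: multicast + local
    "00:11:22:33:44:55",   # universally administered unicast
    "02-00-00-10-00-01",   # locally administered unicast (valid source)
    "0123.4567.89ab",      # multicast bit set, dotted notation
]

if __name__ == "__main__":
    for entry in INVENTORY:
        print(classify_source_mac(entry))
    print("reject:", audit_inventory(INVENTORY))
```
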
Yosefw (Author)
Explorer
May 16, 2025

Bump :)