FortiSwitch
SPrabu
Staff
Article Id 278847
Description: This article describes the fake MAC address seen in MAB authentication.
Scope: FortiSwitch MAB.
Solution

Refer to the document for configuring FortiSwitch security policies:

FortiSwitch security policies

 

When a wired client (laptop or desktop) connects to a switch port, a fake MAC address may be seen while authentication is in progress.

 

  • The fake MAC address will be 00:09:0f:xx:xx:xx (Fortinet vendor specific).
  • The fake MAC is a placeholder MAC used before the port authenticates with the real MAC address of the wired client.
  • The fake MAC address is seen only in the transition state of MAB authentication and disappears after authentication.

 

Example:

 

diagnose switch 802-1x status port7

   Port7 : Mode: port-based (mac-by-pass enable)
           Link: Link up
           Port State: unauthorized: (  )
           EAP auto-untagged-vlans : Enable
           Dynamic Access Control List : Disable
           Native Vlan : 1
           Allowed Vlan list: 10,20,30
           Untagged Vlan list:
           Guest VLAN :
           Auth-Fail Vlan :
           AuthServer-Timeout Vlan :
           Sessions info:
           00:09:0f:xx:xx:xx    =========>  The fake MAC address.     Type=802.1x,,state=AUTHENTICATING,etime=0,eap_cnt=0 params:reAuth=0
               user="",security_grp="",fortinet_grp=""
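
When this output is collected by monitoring or NAC tooling, the placeholder entry can be told apart from a real endpoint by combining the 00:09:0f prefix with the AUTHENTICATING state. The following is an added example, not part of the original article or Fortinet code; the sample MAC values, the AUTHENTICATED state string and the label names are assumptions made for illustration.

```python
import re

FORTINET_OUI = "00:09:0f"  # prefix the article gives for the placeholder MAC

# Session line layout follows the article's sample output:
#   <mac>  Type=802.1x,,state=AUTHENTICATING,etime=0,eap_cnt=0 params:reAuth=0
SESSION_RE = re.compile(
    r"^\s*(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s.*?"
    r"Type=(?P<type>[^,\s]*),.*?state=(?P<state>\w+)",
    re.IGNORECASE,
)

# Constructed sample. The MAC values and the AUTHENTICATED state string are
# assumptions for illustration; only the first session line mirrors the article.
SAMPLE = """\
   Port7 : Mode: port-based (mac-by-pass enable)
           Port State: unauthorized: (  )
           Sessions info:
           00:09:0f:aa:bb:cc    Type=802.1x,,state=AUTHENTICATING,etime=0,eap_cnt=0 params:reAuth=0
               user="",security_grp="",fortinet_grp=""
           3c:52:82:11:22:33    Type=802.1x,,state=AUTHENTICATED,etime=0,eap_cnt=0 params:reAuth=0
           00:09:0f:dd:ee:ff    Type=802.1x,,state=AUTHENTICATED,etime=0,eap_cnt=0 params:reAuth=0
"""


def classify_sessions(status_output):
    """Return (mac, state, label) for every session line in the output."""
    results = []
    for line in status_output.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue  # port header, VLAN lines, user= line, etc.
        mac, state = m.group("mac").lower(), m.group("state").upper()
        if not mac.startswith(FORTINET_OUI):
            label = "client"
        elif state == "AUTHENTICATING":
            label = "placeholder"      # transient entry described in the article
        else:
            label = "fortinet-oui"     # same OUI outside the transition state
        results.append((mac, state, label))
    return results


if __name__ == "__main__":
    for row in classify_sessions(SAMPLE):
        print(row)
```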
