Came across some endpoint behavior that caused some confusion with a MAC authentication bypass (MAB) setup, and I was wondering if this is some kind of well-known behavior.

The endpoints (Pure storage arrays) are using the expected MAC addresses, both fixed and a “virtual” shared MAC for 99.9% of the traffic. 

The one exception is that the LLDP multicasts have a random-looking source MAC. The source MAC has the non-unique bit flipped on.

Is this a well-known type of behavior? Quick Google turned up some others noticing this in very different devices. May be more widespread, but how often would people notice?
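An added example, not part of the original post: one way to spot this behavior in captured frames is to flag LLDP frames whose source MAC has the locally administered bit set and is absent from the MAB allow list. It assumes the post's "non-unique bit" means the IEEE 802 U/L bit (0x02 of the first octet); the MAC addresses, allow list and function names are constructed for illustration.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tags

def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))

def mac_text(raw):
    return ":".join(f"{octet:02x}" for octet in raw)

def is_locally_administered(raw_mac):
    # U/L bit is 0x02 in the first octet; set means not a burned-in address.
    return bool(raw_mac[0] & 0x02)

def classify_lldp(frame, known_macs):
    """Return a finding for an LLDP frame, or None for other/truncated frames."""
    if len(frame) < 14:
        return None
    src, offset = frame[6:12], 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:          # skip any VLAN tags
        offset += 4
        if len(frame) < offset + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != LLDP_ETHERTYPE:
        return None
    src_text = mac_text(src)
    return {"src": src_text,
            "locally_administered": is_locally_administered(src),
            "known_to_mab": src_text in known_macs}

def build_frame(src, ethertype, vlan_id=None):
    """Construct a minimal test frame (sample data, not a capture)."""
    dst = mac_bytes("01:80:c2:00:00:0e")    # LLDP nearest-bridge multicast
    tag = struct.pack("!HH", 0x8100, vlan_id) if vlan_id is not None else b""
    return dst + mac_bytes(src) + tag + struct.pack("!H", ethertype) + b"\x00\x00"

KNOWN_MACS = {"00:11:22:33:44:55"}          # constructed MAB allow list
SAMPLES = [
    build_frame("00:11:22:33:44:55", LLDP_ETHERTYPE),              # expected MAC
    build_frame("06:9f:3c:7a:11:e2", LLDP_ETHERTYPE, vlan_id=20),  # random-looking
    build_frame("00:11:22:33:44:55", 0x0800),                      # not LLDP
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_lldp(sample, KNOWN_MACS))
```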