Hi Brett,

Brett A. Karns wrote:
> Our network has about 200 endpoints on it. However, under the ‘node’
> tab, I’m showing well over 1000 mac addresses. Does anybody know what
> these mac addresses are? Most of the unknown ones begin with
> 00:9e:0a:e8:01:e8:/xx:xx/

Are you sure the MAC is properly formatted? It already has six groups before the xx:xx. Taking only the 00:9e:0a portion, you can see that it was not assigned by IEEE. MAC address spoofing maybe?

Are the nodes registered? Is the OS detected? If it is, is it the same for all the thousands of nodes?

PacketFence is very aggressive about recording MAC addresses but this comes at the cost of sometimes having a lot of weird entries in the node table. For example, it could be a special VPN client that uses MAC addresses like these for some reason. If a trap is sent or RADIUS is called, the MAC will be recorded.

Another way to track it down would be to monitor according to detect_date and try to find on what AP or switch-port it happened and check the MACs activated around that time, or simply go on site and see who / what's there.

Sorry I can't help more than that.

Cheers!
-- 
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
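
The triage suggested in the reply above, sketched as an added example that is not part of the original thread and is not PacketFence code: it flags MACs that are not six well-formed groups, checks the locally administered bit, and clusters unexplained entries by switch and detection hour. The row layout, the `switch` column name, the `KNOWN_OUIS` set and all sample values are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed rows (mac, detect_date, switch); "switch" is a hypothetical
# column name and every value below is made up for illustration.
SAMPLE_NODES = [
    ("00:9e:0a:e8:01:e8:aa:01", "2011-03-01 09:02:11", "sw-floor2"),
    ("00:9e:0a:e8:01:e8:aa:02", "2011-03-01 09:05:47", "sw-floor2"),
    ("00:9e:0a:e8:01:e8", "2011-03-01 09:40:03", "sw-floor2"),
    ("00:11:22:33:44:55", "2011-03-01 10:15:00", "sw-floor1"),
    ("02:00:00:aa:bb:cc", "2011-03-01 14:30:00", "ap-lobby"),
]
# Assumption: OUIs of hardware the site actually owns (placeholder value).
KNOWN_OUIS = {"00:11:22"}

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def normalize(mac):
    return mac.strip().lower().replace("-", ":")


def classify(mac):
    """Return 'malformed', 'local' or 'universal' for one MAC string."""
    mac = normalize(mac)
    if not MAC_RE.match(mac):
        return "malformed"  # e.g. more than six groups
    # Bit 0x02 of the first octet marks a locally administered address.
    return "local" if int(mac[:2], 16) & 0x02 else "universal"


def triage(nodes, known_ouis):
    """Count address kinds and cluster unexplained MACs by (switch, hour)."""
    kinds, clusters = Counter(), defaultdict(list)
    for mac, detect_date, switch in nodes:
        kind = classify(mac)
        kinds[kind] += 1
        if kind == "universal" and normalize(mac)[:8] in known_ouis:
            continue  # expected hardware, nothing to chase
        seen = datetime.strptime(detect_date, "%Y-%m-%d %H:%M:%S")
        clusters[(switch, seen.strftime("%Y-%m-%d %H:00"))].append(mac)
    return kinds, dict(clusters)


if __name__ == "__main__":
    kinds, clusters = triage(SAMPLE_NODES, KNOWN_OUIS)
    print(dict(kinds))
    for (switch, hour), macs in sorted(clusters.items()):
        print(switch, hour, len(macs), macs)
```

A cluster with many entries on one port in one hour points at a single device or client generating the addresses, which is where an on-site check would start.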