
Administration Guide


MAC address exclusion

MAC address Exclusion allows you to add Microsoft LLTD Addresses and Multicast Addresses to a list of addresses that will be ignored when they connect to the network. If a device or host with one of these MAC addresses connects to the network, FortiNAC ignores the connection and allows the host or device onto the production network.

This feature excludes addresses within the IANA IPv4 multicast range 01:00:EE:00:00:00 to 01:00:5E:7F:FF:FF. It does not exclude addresses within the IANA IPv6 multicast range 33-33-00-00-00-00 to 33-33-FF-FF-FF-FF.

An event, "Found Ignored MAC address", is generated each time a host or device connects with a MAC address in this list. Configure an alarm for the event with email notification to alert administrators. The event can also be disabled if notification is unnecessary.

Default settings

This feature is set by default to ignore Microsoft LLTD and Multicast MAC addresses indefinitely. When any MAC address connects that falls within either the Microsoft LLTD or Multicast address range, FortiNAC does the following:

  • Creates a "Found Microsoft LLTD or Multicast Address" event and an alarm alerting the administrator that FortiNAC has seen a Microsoft LLTD or Multicast address on the network for the first time. This critical alarm warns administrators that if these addresses should continue to be ignored, they must configure the MAC address Exclusions list or the MAC addresses will be treated as rogues.
  • A timer is set that expires in 48 hours.
  • While that timer is active, FortiNAC continues to ignore Microsoft LLTD and Multicast MAC addresses. Events and alarms continue to be created for each connection from one of these MAC addresses.
  • If the administrator has not configured the MAC address Exclusions, when the 48-hour timer expires FortiNAC no longer ignores Microsoft LLTD and Multicast MAC addresses. FortiNAC creates rogues for each MAC address that connects, just as it would for any other MAC address.
Note

Administrators can configure MAC address Exclusion at any time to include or exclude Microsoft LLTD and Multicast MAC addresses. As soon as settings have been modified, the default behavior described above stops and the new settings take effect.
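The decision logic described above, as an added example that is not FortiNAC's own code: it classifies a connecting MAC address and applies either the configured exclusion or the 48-hour default behaviour. It assumes the IANA IPv4 multicast MAC block 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF, covers only the multicast range (the Microsoft LLTD range is not given on this page), and takes time as epoch seconds.

```python
# Added example, not FortiNAC code. It models the decision described above for the
# multicast range only (the Microsoft LLTD range is not given on this page) and uses
# the IANA IPv4 multicast MAC block 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF.
IPV4_MCAST_START = 0x01005E000000
IPV4_MCAST_END = 0x01005E7FFFFF
DEFAULT_GRACE_SECONDS = 48 * 3600  # the 48-hour default timer

IGNORED_EVENT = "Found Ignored MAC address"
DEFAULT_EVENT = "Found Microsoft LLTD or Multicast Address"


def mac_to_int(mac: str) -> int:
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int("".join(octets), 16)


def is_ipv4_multicast_mac(mac: str) -> bool:
    """True for the range the exclusion feature covers."""
    return IPV4_MCAST_START <= mac_to_int(mac) <= IPV4_MCAST_END


def is_ipv6_multicast_mac(mac: str) -> bool:
    """33:33:xx:xx:xx:xx, which the feature does NOT exclude."""
    return (mac_to_int(mac) >> 32) == 0x3333


class MacExclusion:
    """exclude_multicast=None means the administrator never touched the setting,
    so the 48-hour default behaviour applies; True/False is an explicit choice."""

    def __init__(self, exclude_multicast=None):
        self.exclude_multicast = exclude_multicast
        self.first_seen = None  # epoch seconds of the first multicast sighting

    def on_connect(self, mac: str, now: float) -> tuple:
        """Return (disposition, event_name) for a connecting MAC address."""
        if not is_ipv4_multicast_mac(mac):
            return ("rogue", "")  # handled like any other unknown MAC (33:33 included)
        if self.exclude_multicast is True:
            return ("ignored", IGNORED_EVENT)
        if self.exclude_multicast is False:
            return ("rogue", "")
        # Default behaviour: ignore (with event) until 48h after the first sighting.
        if self.first_seen is None:
            self.first_seen = now
        if now - self.first_seen < DEFAULT_GRACE_SECONDS:
            return ("ignored", DEFAULT_EVENT)
        return ("rogue", "")  # timer expired, treated as a rogue from now on
```

Feeding the same multicast MAC to a `MacExclusion()` instance at 0, 47 and 49 hours shows the switch from ignored-with-event to rogue that the note above warns about.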

Configure exclusion list

  1. Click System > Settings.
  2. Expand the User/Host Management folder.
  3. Select MAC address Exclusion from the tree.
  4. Use the Exclude Microsoft LLTD Addresses and Exclude Multicast Addresses check boxes to add or remove those ranges from the Address Range table.
  5. Changes are saved immediately.
Settings

Exclude Microsoft LLTD Addresses: If enabled, adds the complete range of Microsoft LLTD MAC addresses to the Excluded MAC address Ranges table, which ensures that the correct range is entered.

Exclude Multicast Addresses: If enabled, adds the complete range of Multicast MAC addresses to the Excluded MAC address Ranges table, which ensures that the correct range is entered.
