FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Article Id 192428
Description
Issue: Multiple ports in the same production VLAN are unexpectedly switched to the registration VLAN. Several minutes later, the ports switch back to the appropriate VLAN.

This behavior can occur when Windows machines with LLTD (Link Layer Topology Discovery) enabled are connected to the same VLAN. LLTD maps the wired or wireless LAN to which the computer is connected and has two components: a Mapper and a Responder. The Mapper sends discovery packets onto the local network segment, and any Windows machine on the same VLAN with the Responder feature enabled replies. Because the MAC address used by this protocol differs from the MAC of the registered host's connected interface, FortiNAC may treat that MAC as a Rogue and trigger a VLAN switch.

For more information on this protocol go to
https://en.wikipedia.org/wiki/Link_Layer_Topology_Discovery

See also
Enable or disable the LLTD Responder with Group Policy
https://technet.microsoft.com/en-us/library/cc772308(v=ws.10).aspx

To determine whether this is the cause of the VLAN switch:
1.  In the Administration UI, navigate to Logs > Connections.
2.  Filter on the timeframe (starting just prior to the switch ports changing to the registration VLAN).
3.  Add another filter on Host Type (Rogue).
4.  Verify whether the MAC address starts with 00:0D:3A.
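The same triage as the steps above, automated over an exported connection log: rogue MACs seen in the incident window are split into those with the LLTD OUI (the false positives this article describes) and any others that still need investigation. This is an added example, not FortiNAC's own code; the CSV line layout and the sample entries are constructed for illustration and are not the real Logs > Connections export format.

```python
# Triage connection-log entries for rogues that are really Microsoft LLTD frames.
# Added example; the CSV layout is constructed, not FortiNAC's own export format.
from datetime import datetime

# OUI the article says LLTD mapper/responder frames are sent from.
LLTD_OUI = "00:0d:3a"


def normalise_mac(mac: str) -> str:
    """Lower-case, colon-separated form so 00-0D-3A-.. and 00:0d:3a:.. compare equal."""
    return mac.strip().lower().replace("-", ":")


def is_lltd_mac(mac: str) -> bool:
    return normalise_mac(mac).startswith(LLTD_OUI)


def parse_line(line: str):
    """Constructed format: "<ISO timestamp>,<switch:port>,<MAC>,<host type>"."""
    ts, port, mac, host_type = (f.strip() for f in line.split(","))
    return datetime.fromisoformat(ts), port, normalise_mac(mac), host_type


def triage(lines, start: str, end: str) -> dict:
    """Split rogue MACs seen in [start, end] into LLTD-explained and unexplained.

    Returns {"lltd": {port: {mac, ...}}, "other_rogue": {port: {mac, ...}}}.
    Ports appearing only under "lltd" are the false positives the article
    describes; anything under "other_rogue" still needs investigation.
    """
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    result = {"lltd": {}, "other_rogue": {}}
    for line in lines:
        seen, port, mac, host_type = parse_line(line)
        if host_type != "Rogue" or not (lo <= seen <= hi):
            continue
        bucket = "lltd" if is_lltd_mac(mac) else "other_rogue"
        result[bucket].setdefault(port, set()).add(mac)
    return result


# Constructed sample: one registration-VLAN incident starting around 09:15.
SAMPLE_LOG = [
    "2024-03-01T09:14:58,sw1:Gi1/0/7,AA:BB:CC:10:20:30,Registered",
    "2024-03-01T09:15:02,sw1:Gi1/0/7,00:0D:3A:12:34:56,Rogue",
    "2024-03-01T09:15:03,sw1:Gi1/0/9,00-0D-3A-AB-CD-EF,Rogue",
    "2024-03-01T09:15:10,sw1:Gi1/0/12,DE:AD:BE:EF:00:01,Rogue",
    "2024-03-01T09:40:00,sw1:Gi1/0/7,00:0D:3A:99:99:99,Rogue",  # outside the window
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "2024-03-01T09:14:00", "2024-03-01T09:20:00"))
```

If every affected port lands under "lltd", the MAC Address Exclusion setting in the Solution below resolves the switching; a port under "other_rogue" is a genuine unregistered host and should be handled as such.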

Scope
Version:  8.x
Solution
Configure the appliance to ignore MAC addresses used for LLTD.
1.  Navigate to System > Settings > User/Host Management > MAC Address Exclusion.
2.  Select the checkbox for Exclude Microsoft LLTD Addresses.
