Currently, we have encountered a non-standard MAC address which we believe causes MAC address spoofing. All workstations were already checked for malware and viruses. We also have MAC filtering using the sticky command in Cisco. This will block all unknown MAC addresses in the said VLAN. We decided to disable the MAC filtering since we receive many calls for unblocking ports. We have discovered that Symantec has anti-MAC spoofing. We enabled it to figure out who is the source of the MAC spoofing. When we enabled it, many workstations experienced disconnection from the network. As a workaround, we release and renew the IP address to restore the network connection, but the problem still occurs. Any help? I also found events in the Event Viewer. The said event occurred when I enabled anti-MAC spoofing. Please see details below.
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Time: 3:01:39 PM
User: NT AUTHORITY\NETWORK SERVICE
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.