We got hit with this today with a push to MS clients for SCCM.
With port-security on in the environment, basically with wake up proxy a host (A) can pretend to be another host (B) and spoof the MAC address of the host (A) setting off a port security violation. (affecting hundreds of clients, in our case)
if wake up proxy is configured in policy, consider to disable it, it's disabled by default.
if wake up proxy is not enabled in policy, If Wake On LAN in BIOS is enabled it will cause the same issue, consider to disable WoL in BIOS.
here's a decent write up
https://supportforums.cisco.com/discussion/11835361/mac-address-flapping-and-sccm-wake-proxy
Wow, thanks for the post. It looks like we don't have it active, which makes me a happy NAC'er.
Quote from: deanwebb on February 09, 2016, 12:48:45 PM
Wow, thanks for the post. It looks like we don't have it active, which makes me a happy NAC'er.
True, it does F'up NAC, but were are not there yet.
... who in the world thought of that? Why would you need proxy WoL? Is it really just to make other computers active so they can install software or am I misinterpreting this?
Quote from: Reggle on February 10, 2016, 01:21:36 AM
... who in the world thought of that?
Looks like Apple, according to patent #US20060253720, a google of inventors name Stuart D. Cheshire leads to Apple.
Quote from: Reggle on February 10, 2016, 01:21:36 AM
Is it really just to make other computers active so they can install software
Useful for printers when in sleep mode, that's the primary feature
waking up computers to install software looks like a later development.
Thanks to Google and Wikipedia for filling my brain with more useless info