BladeSystem Virtual Connect
MAC Spoofing with Virtual Connect possible?


Oliver had a security question for Virtual Connect fans:




Security question:


Is it technically possible to change the MAC address of a blade whose server profile has virtual WWNs assigned? That is, when someone tries to change the MAC with, for example, TMAC, is there an override mechanism in Virtual Connect Flex-10 that would prevent the change?




Reply from Chris:




No. If you change the MAC address of a host (like setting the Locally Administered Address), VC will allow that to happen. However, there could be duplicate MAC addresses on the network if one were to do this. We have had a few customers inquire about this capability with VC, but have not added it to the roadmap. If you do have a customer that requires this capability, reach out to your region's Marketing Manager.


The LAA is only used when the driver loads within the OS.  During POST (i.e. if the server is going to PXE boot), the MAC address in the BIOS of the adapter will still be used.  I do not believe we have a mechanism within VCM that checks to see if the addresses have changed when a server reboots.  A Server Profile is only applied when it changes, not when the server reboots (I’m fairly positive that is the behavior, if memory serves me right.)




And from David:




I may be wrong, but to my understanding the mechanics of the way it works are that it would be possible to change the MAC address manually, and it would remain that way until the blade reboots, at which time VC would program the MAC address to the server’s profile. And +1 on the cautions that Chris included…
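
The replies above indicate that Virtual Connect does not block an OS-level MAC change, so one way to catch it is to compare the MACs a server profile assigns with the MACs actually seen on the network. The following is an added example, not part of the original thread or any HP tooling; the port names, the MAC values and the two data sources (an exported list of profile MACs and a switch MAC table) are constructed assumptions.

```python
import re
from collections import defaultdict

def normalize_mac(mac):
    """Return a MAC as 12 lowercase hex digits; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as it is for an LAA."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit(expected, observed):
    """expected: {port: MAC assigned by the server profile}
    observed: [(port, MAC seen on the wire)], e.g. from a switch MAC table.
    Returns a sorted list of (port, mac, finding) tuples."""
    findings = []
    seen_on = defaultdict(set)
    for port, mac in observed:
        mac_n = normalize_mac(mac)
        seen_on[mac_n].add(port)
        want = expected.get(port)
        if want is None:
            findings.append((port, mac_n, "no profile MAC recorded"))
        elif normalize_mac(want) != mac_n:
            # A changed address with the U/L bit set points at an OS-level LAA.
            kind = "LAA override" if is_locally_administered(mac_n) else "mismatch"
            findings.append((port, mac_n, kind))
    # The same MAC on more than one port is the duplicate-address risk Chris mentions.
    for mac_n, ports in seen_on.items():
        if len(ports) > 1:
            findings.extend((port, mac_n, "duplicate") for port in ports)
    return sorted(findings)

# Constructed sample data (hypothetical port names and addresses).
EXPECTED = {
    "bay1:nic1": "00-17-A4-77-00-10",
    "bay2:nic1": "00-17-A4-77-00-12",
    "bay3:nic1": "00-17-A4-77-00-14",
}
OBSERVED = [
    ("bay1:nic1", "00:17:a4:77:00:10"),  # matches its profile
    ("bay2:nic1", "02:00:00:aa:bb:01"),  # locally administered address set in the OS
    ("bay3:nic1", "0017.a477.0010"),     # reuses bay1's address
]

if __name__ == "__main__":
    for finding in audit(EXPECTED, OBSERVED):
        print(finding)
```

Because the LAA only takes effect once the OS driver loads, the observed table needs to be collected while the hosts are running, not during POST or PXE boot.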