LLDP Source MAC

[Crist Clark <cjc+nanog () pumpky net>]

Came across some endpoint behavior that caused some confusion with a MAC
authentication bypass (MAB) setup, and I was wondering if this is some kind
of well known behavior.

The endpoints (Pure storage arrays) are using the expected MAC addresses,
both fixed and a “virtual” shared MAC for 99.9% of the traffic.

The one exception is that the LLDP multicasts have a random-looking source
MAC. The source MAC has the non-unique bit flipped on.

Is this a well known type of behavior? Quick Google turned up some others
noticing this in very different devices. May be more wide spread, but how
often would people notice?