Example log entries which could be indicative of the issue:
I 3 2019-02-15 13:27:13 GMT+01:00 30349 EAP: Reached MAC intruder count on Unit: 3 Port: 11
I 3 2019-02-15 13:27:13 GMT+01:00 30350 EAP: Mac Intruder - Unit: 3 Port: 11 MAC: 90:1b:0e:2a:09:61
As a result port 3/11 would change status to “Force Unauthorized”. This can happen for multiple ports, multiple switches. The “intruder” MAC addresses are legitimate – they belong to clients that are connected to the affected ports, and often times these clients are the only endpoints connected there (i.e. a single PC on a port).