issue: wireless client 64:27:37:9b:ed:97 spoofed the MAC of AP 18:ef:63:9b:bb:96 and trying to send data. Sure this wireless client is connected to the AP 18:ef:63:9b:bb:96 when the issue occured.

64:27:37:9b:ed:97, it is a culprit that causing this issue. 64:27:37 belong to hon hai(may be wireless client vendor for dell or something). Update the latest good known driver on those clients and you will be fine.

Wireless packet capture between the client and ap should prove the issue.

Salam Houssam,

The reason of the erros is that there are other access points that use your AP's mac address.

Reason:

Your AP's MAC address is being used by some other party and your WLC detects that the MAC address is being used by somebody else while it actually belongs to one of the APs joined to it.

This happens usually if there is another wireless system can your hear the signal from your wireless system. Some wireless systems use some security features by impersonating another (rogue) wireless system in neighbor.

What you can do:

- If you are using more than one WLC, mac sure they are all on same mobility and RF groups.

- If all WLCs under same mobility/RF groups, then try to look in neighbor of AP "APc84c.75f3.e51a" that detected the attack and find any other wireless systems around. If any exist then try to either remove them. If they it is a legitimate WLAN then ask the WLAN administrator to configure his systme not to harm your WLAN. This is configurable in the security features in that system.

HTH

Amjad

BTW, you can avoid any other system to impersonate your AP mac address by using MFP:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml#backinfo

Be careful if you want to configure MFP because some clients (especially old ones) may have problems to connect if it is configured.

HTH

Amjad

Hi,

please check the below post for the same query.

https://supportforums.cisco.com/discussion/10145656/ap-impersonation-alarms-wcs-4183