Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WCS Impersonation Error

Any idea on how to solve the below error on Cisco WCS:

"AP Impersonation of MAC '18:ef:63:9b:bb:96' using source MAC '64:27:37:9b:ed:97'  is detected by authenticated AP 'APc84c.75f3.e51a' on '802.11b/g' radio and Slot  ID '0'. "

Everyone's tags (2)
5 REPLIES
Hall of Fame Super Silver

WCS Impersonation Error

Here is a link to a support forum doc.  You can search the forum also as there are other post with he same thing your seeing.

https://supportforums.cisco.com/docs/DOC-3666

https://learningnetwork.cisco.com/thread/28472

-Scott
*** Please rate helpful posts ***
Cisco Employee

WCS Impersonation Error

issue: wireless client 64:27:37:9b:ed:97 spoofed the MAC of AP 18:ef:63:9b:bb:96 and trying to send data. Sure this wireless client is connected to the AP 18:ef:63:9b:bb:96 when the issue occured.

64:27:37:9b:ed:97, it is a culprit that causing this issue. 64:27:37 belong to hon hai(may be wireless client vendor for dell or something). Update the latest good known driver on those clients and you will be fine.

Wireless packet capture between the client and ap should prove the issue.

WCS Impersonation Error

Salam Houssam,

The reason of the erros is that there are other access points that use your AP's mac address.

Reason:

Your AP's MAC address is being used by some other party and your WLC detects that the MAC address is being used by somebody else while it actually belongs to one of the APs joined to it.

This happens usually if there is another wireless system can your hear the signal from your wireless system. Some wireless systems use some security features by impersonating another (rogue) wireless system in neighbor.

What you can do:

- If you are using more than one WLC, mac sure they are all on same mobility and RF groups.

- If all WLCs under same mobility/RF groups, then try to look in neighbor of AP "APc84c.75f3.e51a" that detected the attack and find any other wireless systems around. If any exist then try to either remove them. If they it is a legitimate WLAN then ask the WLAN administrator to configure his systme not to harm your WLAN. This is configurable in the security features in that system.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

WCS Impersonation Error

BTW, you can avoid any other system to impersonate your AP mac address by using MFP:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml#backinfo

Be careful if you want to configure MFP because some clients (especially old ones) may have problems to connect if it is configured.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
Bronze

Hi,please check the below

577
Views
0
Helpful
5
Replies
CreatePlease to create content