cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
311
Views
0
Helpful
2
Replies

WLSE and MAC spoofing

simon-hautier
Level 1
Level 1

Hello,

My WLSE has detected several Client MAC Spoofing.

I have some questions about:

- the type of the spoof:

MAC_spoof 19 for example.

What is the meaning of the index ?

- the Spoof User Id:

"Client MAC Spoofing Detected on [MAC address] , host/XXXXXXX and on AP"

Does the spoof user id refers to:

- the computer which has spoofed the displayed MAC address (the illegal one)

- or the computer which originally had this MAC address (the legal one) ?

Im wondering this because the spoofed MAC address only refers to a single computer in "Reports > Wireless Clients", even when the "Spoof User Id" refers to a "clean" computer (allowed in the network)

I didn't find much about this in the Cisco documentation.

Any help ?

thanks

2 Replies 2

rmushtaq
Level 8
Level 8

Hello,

Thanks for your answer.

Anyway, there is no explanation about the spoof index. I would like to know what refers to this index because, i have several errors, detected by the same AP with the same MAC address and the same spoof user id. The only difference between those errors is the spoof id.

Does someone know ?

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: