The CiscoWorks Wireless LAN Solution Engine (WLSE) has detected a spoofed MAC address. henever the Wireless Domain Services (WDS) detects an authentication taking place for a known MAC address, it verifies that the same user ID is being used. If the user ID does not match, the authentication is rejected and a fault is issued.
Why does the Client MAC Spoofing fault reappear after it has been cleared?
A. The WLSE raises faults for all clients identified by MIB ciscoWdsIdsMacSpoofClient (188.8.131.52.184.108.40.206.4220.127.116.11.1.3). It retains the history of all spoofed MAC addresses.
Because the WDS maintains the history of all spoofed MAC addresses, the WLSE raises the MAC spoofing fault during the poll cycle, even after the fault is cleared on the WLSE. If you have cleared the MAC spoofing condition in the network, you need to Acknowledge the fault on WLSE.
An entry from the WDS MIB is cleared when on of the following occurs:
–The WDS AP reaches the maximum number of events to hold for a reporting non-WDS AP. The maximum number is determined by the following MIBs: ciscoWdsIdsMaxMacAddresses and ciscoWdsIdsMaxEntriesPerMac.
–The WDS is unconfigured.
Note: When this fault is cleared, the No Wireless Client MAC Spoofing Detected message is displayed.
CiscoWorks Wireless LAN Solution Engine (WLSE)
Wireless Network Management
MAC address authentication (Media Access Control)
Wireless Devices Errors, Warnings, Statistics and Log Messages
Hello Experts, The configuration for malicious rogues that are discovered on wire is clearly explained with regards to setting the containment level. However when it comes to containment of Malicious rogues that are not discovered on wired, I do...
Cisco Access point 1142N-A-K9 is not joining controller giving below message.previously this AP was having static IP and was removed and kept and never used.i have done factory reset and now its not joining controller.Please assist, Thanks in advance.&nbs...
I've setup 1 x Controller and and 2 x APs. All of them are Cisco 3802 and all of them have same software 18.104.22.168 and Mobility Express capable. All of the APs are connected to same switch with and same access Vlan. These APs were bench tested and no...
Hi,There are several methods an Access Point can join the Wireless controller e.g DHCP option 43, DNS, AP HA tab etc. If an access point has joined a controller, how can we find which joining step was successfull for it join the controller ? Thanks.&...
Hi,In this Cisco youtube video, https://www.youtube.com/watch?v=8RAXFwVr-9c about site tags, at 1:58 there is a mention of using multiple site tags for load balancing and acceptable resource useage.Is there an issue with using the same Flex Profile o...