Showing results for 
Search instead for 
Did you mean: 

The user receives a Client MAC Spoofing Detected error message on the WLSE and AP




The CiscoWorks Wireless LAN Solution Engine (WLSE) has detected a spoofed MAC address. henever the Wireless Domain Services (WDS) detects an authentication taking place for a known MAC address, it verifies that the same user ID is being used. If the user ID does not match, the authentication is rejected and a fault is issued.


Why does the Client MAC Spoofing fault reappear after it has been cleared?

A. The WLSE raises faults for all clients identified by MIB ciscoWdsIdsMacSpoofClient ( It retains the history of all spoofed MAC addresses.

Because the WDS maintains the history of all spoofed MAC addresses, the WLSE raises the MAC spoofing fault during the poll cycle, even after the fault is cleared on the WLSE. If you have cleared the MAC spoofing condition in the network, you need to Acknowledge the fault on WLSE.

An entry from the WDS MIB is cleared when on of the following occurs:

–The WDS AP reaches the maximum number of events to hold for a reporting non-WDS AP. The maximum number is determined by the following MIBs: ciscoWdsIdsMaxMacAddresses and ciscoWdsIdsMaxEntriesPerMac.

–The WDS is unconfigured.

Note: When this fault is cleared, the No Wireless Client MAC Spoofing Detected message is displayed.

Problem Type

Error message


  • CiscoWorks Wireless LAN Solution Engine (WLSE)
  • Access point
  • Wireless Network Management

Security Options

MAC address authentication (Media Access Control)

Wireless Devices Errors, Warnings, Statistics and Log Messages

Client MAC Spoofing Detected on


Content for Community-Ad