cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3414
Views
0
Helpful
0
Comments
TCC_2
Advocate
Advocate

 

Introduction

The CiscoWorks Wireless LAN Solution Engine (WLSE) has detected a spoofed MAC address. henever the Wireless Domain Services (WDS) detects an authentication taking place for a known MAC address, it verifies that the same user ID is being used. If the user ID does not match, the authentication is rejected and a fault is issued.

Resolution

Why does the Client MAC Spoofing fault reappear after it has been cleared?

A. The WLSE raises faults for all clients identified by MIB ciscoWdsIdsMacSpoofClient (1.3.6.1.4.1.9.9.457.1.1.3.1.3). It retains the history of all spoofed MAC addresses.

Because the WDS maintains the history of all spoofed MAC addresses, the WLSE raises the MAC spoofing fault during the poll cycle, even after the fault is cleared on the WLSE. If you have cleared the MAC spoofing condition in the network, you need to Acknowledge the fault on WLSE.

An entry from the WDS MIB is cleared when on of the following occurs:

–The WDS AP reaches the maximum number of events to hold for a reporting non-WDS AP. The maximum number is determined by the following MIBs: ciscoWdsIdsMaxMacAddresses and ciscoWdsIdsMaxEntriesPerMac.

–The WDS is unconfigured.

Note: When this fault is cleared, the No Wireless Client MAC Spoofing Detected message is displayed.

Problem Type

Error message

Products

  • CiscoWorks Wireless LAN Solution Engine (WLSE)
  • Access point
  • Wireless Network Management

Security Options

MAC address authentication (Media Access Control)

Wireless Devices Errors, Warnings, Statistics and Log Messages

Client MAC Spoofing Detected on

Reference

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links