Introduction
The CiscoWorks Wireless LAN Solution Engine (WLSE) has detected a spoofed MAC address. henever the Wireless Domain Services (WDS) detects an authentication taking place for a known MAC address, it verifies that the same user ID is being used. If the user ID does not match, the authentication is rejected and a fault is issued.
Resolution
Why does the Client MAC Spoofing fault reappear after it has been cleared?
A. The WLSE raises faults for all clients identified by MIB ciscoWdsIdsMacSpoofClient (1.3.6.1.4.1.9.9.457.1.1.3.1.3). It retains the history of all spoofed MAC addresses.
Because the WDS maintains the history of all spoofed MAC addresses, the WLSE raises the MAC spoofing fault during the poll cycle, even after the fault is cleared on the WLSE. If you have cleared the MAC spoofing condition in the network, you need to Acknowledge the fault on WLSE.
An entry from the WDS MIB is cleared when on of the following occurs:
–The WDS AP reaches the maximum number of events to hold for a reporting non-WDS AP. The maximum number is determined by the following MIBs: ciscoWdsIdsMaxMacAddresses and ciscoWdsIdsMaxEntriesPerMac.
–The WDS is unconfigured.
Note: When this fault is cleared, the No Wireless Client MAC Spoofing Detected message is displayed.
Problem Type
Error message
Products
- CiscoWorks Wireless LAN Solution Engine (WLSE)
- Access point
- Wireless Network Management
Security Options
MAC address authentication (Media Access Control)
Wireless Devices Errors, Warnings, Statistics and Log Messages
Client MAC Spoofing Detected on
Reference