Yes I'm seeing the same alert on the controller but these are from clients who are not impersonating any mac address.

Tue May 10 09:58:15 2011    Impersonation of AP with Base Radio MAC 00:1f:ca:82:db:00 using source address of 00:25:d3:be:ec:13 has been detected by the AP with MAC Address: 00:1f:ca:82:db:00 on its 802.11b/g radio whose slot ID is 0

It's completely random across all 12 of my sites.

Hello,

We are having the exact same problem here, and I cannot figure out what the deal is.  I opened a TAC case on it a while back and received a cut and paste explaining what Assign/unassign/delete/clear/acknowledging the alarms does.

Did you ever find an answer to this?  We are running WCS 7.0.220.0 with WLC's at 7.0.116.0.  I too looked up the "impersonating" mac address, and so far everyone is just a normal client on the network.  Everything from a Blackberry to a laptop.

Aaron,

No answer yet.  I'm not sure what changed or if the environment I'm in just got more crowded (public schools in residential areas) but I'm see a lot more null and zero-length SSID errors as well as the occaisional jammer.

Everything so far appears to be false positives.  It's more of an annoyance than anything else at this point.

Rob

Same here - it would be awesome if somebody ran across this that had a definitive answer.  There has to be more people with the issue.  Right now I have 200 "Critical Alarms" - mostly the AP Impersonation alarms.

It really is an annoyance, especially since with that many, it's easy to overlook the important ones.  I don't remember when this started happening, but every upgrade I install I keep hoping it will get fixed.

I guess if I ever get to a point where I feel like wasting more time on it, I'll log another case and see what happens with it.

For what it's worth, we're having the same issue, false Impersonation alerts, after upgrading to 7.0.172.0. I'm beginning to think this isn't a coincidence...