Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
491
Views
0
Helpful
2
Replies

Guest access is being spoofed

network1215
Level 1
Level 1

‎02-01-2018 01:00 PM - edited ‎07-05-2021 08:12 AM

our wifi guest access is getting spoofed and malicious attacks through the meraki APs that is masking itself as a meraki AP – the mac address is just similar the our AP but just one character is different.

 

how do I troubleshoot this scenario ?

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-01-2018 01:51 PM

Go "Wireless/Air Marshall" and "contain" the rogue AP.  This will prevent users attaching to it.

 

Also if you have not upgraded to 25.9 I would upgrade to that as well.  It was numerous improvements.

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎02-05-2018 12:12 PM

General approach!

Detect the source device to absolutely make sure its actual Rogue AP or Client with bad driver, otherwise we're following an incorrect target.

Once source confirmed and its neighbor/next door AP, just talk to them to disable containment, its violation to contain the rogues.

Client with bad driver can send packet as if it were an AP - Src/Dst traffic flipped by client causing unnecessary issues. in this case, we need to work with client vendor.

Check the performance impact - Many clients do ignore broadcast deauth. If spoofer sending bcast deauth and found no impact then there is no need to counter-attack.

Also, counter-attack/Rogue-containment will have impact on client connected to that containing AP-radio.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card