Recently we have been experiencing weird behaviour on some WiFi clients when connecting to our network. As soon as they connect, after a few seconds they get disconnected. No credentials, signal, blacklist, ... issues here.
Checking Air Marshal, I've noticed a hidden rogue SSID that is broadcasting a good amount of MACs through all channels on 2.4 and 5 GHz.
The fact that was bugging me is that the wired MAC matches a client iMac (that has an Atheros chipset), so it seems that the client is acting as an antenna rather than a client.
Can it be a WiFi Pineapple device, or am I totally off about this and there is nothing weird about that rogue SSID entry?
Please check the image ...
Can anyone give me an educated guess about it?
Thanks a lot.
Thanks for your comments!!
That VLAN 172 is the one where all the WiFi devices are assigned (on one specific floor of our company).
It is true that that MAC is from Ubiquiti, but there are also 184 other broadcast MACs; is that normal??
The only Ubiquiti devices in the building are on a different network, 3 floors below, but... the device with that wired MAC is right next to the Meraki AP.
To me it seems that the "device" is spoofing different existing SSID MACs by broadcasting them onto any available channel...
Any other insights?
I apologize for resurrecting this old post, but did anyone ever figure out what the issue was?
I basically have the same issue. A rogue AP with a hidden SSID, showing 2100 different broadcast MACs. This AP has been seen by almost all our APs across 4 floors. There are 2 wired MACs, one for Meraki and the other for a user's iMac. I checked the iMac, sharing is turned off, we also completely disabled the WiFi and the rogue AP is still there.
I am out of ideas and am starting to wonder if it's the Merakis themselves.
We have an iMac showing as a rogue AP too, with 46 MAC addresses. I've also checked sharing and the WiFi settings with no suspects found. Did you get to the bottom of it?
I wonder if it is a false positive!