I live out in the middle of nowhere in Northern California. There isnt even Verizon signal.
I have 37 APs connected to a 250Mb fiber line and not a lot of people around us.
I have seen on my Air Marshall a few spoofing alerts recently. I have a hard time believing these are real.
In one case, it says there is AP spoofing happening and then the MAC address given doesn't even exist on my Here's what I see
Neither of those MAC addresses appear on my network and maybe they shouldn't. My APs are about 1/4 of a mile apart at most. Its a large campground/retreat center.
Any insights?
For the last week... This just seems nuts...
The MAC addresses are Meraki: https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Calculating_Cisco_Meraki_BSSID_MA...
They are likely yours and you should be able to find them in your dashboard to verify. It could be false positive, but I would think Meraki would know better than to flag one of it’s own..
Wow thanks man. That seems to be what is happening. All the MAC addresses of the "spoofs" roughly correspond to all my AP MAC addresses according to that key. So wild. Why would those be considered spoofs? So strange. The SSID spoof part I can't figure out tho.
I took a peek at your network. Are there any non Meraki APs in use anywhere on the property/connected to the same wired network?
There are not. I am sure. The property is so well covered and there isn't anybody who would need to use one. I even asked the other savvy guy on property and he said no and looked at me weird.
We have a couple Ubiquity wireless PtP shots but those have never been exposed to our wifi keys and are busy doing their own thing. Thats it.
I've seen other instances where non Meraki repeaters are in the network and it causes AP spoofs alerts
I believe you. And no network repeaters here. Plus a network repeater would need to be pulling a DHCP address right? It would need to be an active client, no? Otherwise if it were just a spoof it would be trying to convince my clients to join it but then it wouldn't offer any network connectivity or LAN access. Id have some pretty angry users. And wouldn't a spoof need to have credentials that my clients wouldn't be able to provide? Sounds like it would break things pretty noticeably.
There is no other real internet around us here and if any of my 60 something daily clients were having issues Id hear about it. I have all Macs and iOS.
sounds like this requires some on sight troubleshooting. i'd be happy to come stay a week and help out 😉
We have organic food and cheffing 7 days a week. Come on out and tell me why this is happening. I got you.