From the image that was shared in the previous comment, the highlighted MAC address is the BSSID MAC that matches one of your own BSSID MACs broadcast from one of your Meraki APs. Placing this BSSID MAC on a blacklist could impact a client's ability to join your legitimate SSID as well. A Spoofed AP can only be found with a boots-on-the-ground approach so to say. https://documentation.meraki.com/MR/Monitoring_and_Reporting/Mitigating_a_Spoofed_AP If we place a MAC in the block list for containment it is not going to stop the rouge AP from being detected or broadcast it is going to send deauthentication requests when a client attempts to communicate with that BSSID MAC. https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal#Containment As for a rouge Radius server attempting to authenticate users, we'd need to further verify what radius server is observed to be rouge and compare that server's IP address to what was configured for the Radius SSID. APs will only send radius requests to the configured servers so If there was a rouge radius server observed there would also likely be a duplicate IP address attempting to impersonate a configured legitimate server. Meraki does not have a feature to only allow or block specific radius servers as the request is already only going to go to the specified radius serves it would not attempt to send a radius request to an address that is not configured. If you take a capture on the AP's wired interface and observe it sending raduis request to an address that is not configured on any SSID then a support case should be opened.
... View more