Air Marshal "AP spoof" interfering with SSID connections?

Snika
Here to help

Air Marshal "AP spoof" interfering with SSID connections?

ap spoof.png
 
pc_log.png
 
We have a wireless connection constantly disconnecting.
 
Air Marshal "AP spoof" has many listings.
 
could this have something to do with it??
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

First thing you have to try to locate the source of your problem. If it's a rogue AP within your infrastructure, it's easier to solve, if it's something external, it's a little more complicated.
 
Is it only affecting 2.4Ghz or 5Ghz as well?
 
Take a look at this article.
 
 
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

We found and removed WIPS.
All issues have been resolved.
thank you

a5it
Getting noticed

Frequent disconnections from a wireless network can be caused by a variety of issues, and AP spoofing could indeed be one of them.

Air Marshal's "AP Spoof" alerts are triggered when the system detects another device broadcasting the same SSID as your network, which it perceives as a potential threat. This could cause disruptions to your wireless connectivity if clients are attempting to connect to the spoofed AP instead of the legitimate one.

Here's how you can approach this issue:

  1. Identify the Spoofing Device: Try to find the device that's causing the AP Spoof alerts. Air Marshal should provide some information about the device, such as its MAC address and the SSID it's broadcasting.

  2. Locate and Disable the Spoofing Device: If the spoofing device is within your control (for example, an old or misconfigured access point), you should disable it or correct its configuration.

  3. Increase Network Security: If the spoofing device isn't under your control, consider steps to increase your network's security. Enabling features like 802.1X authentication can help ensure that only authorized devices can connect.

  4. Air Marshal Containment: As a last resort, Meraki's Air Marshal feature can "contain" the spoofing device, preventing it from connecting to your network. Note that this should be used sparingly, as it may have legal implications depending on your jurisdiction.

  5. Check for Other Issues: If resolving the AP spoof alerts doesn't fix the disconnection issue, there may be other factors at play. These could include signal interference, network congestion, or issues with client devices. Tools like Meraki's Wireless Health feature can help diagnose these issues.

Snika
Here to help

We found and removed WIPS.
All issues have been resolved.
thank you

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels