Frequent disconnections from a wireless network can be caused by a variety of issues, and AP spoofing could indeed be one of them.
Air Marshal's "AP Spoof" alerts are triggered when the system detects another device broadcasting the same SSID as your network, which it perceives as a potential threat. This could cause disruptions to your wireless connectivity if clients are attempting to connect to the spoofed AP instead of the legitimate one.
Here's how you can approach this issue:
Identify the Spoofing Device: Try to find the device that's causing the AP Spoof alerts. Air Marshal should provide some information about the device, such as its MAC address and the SSID it's broadcasting.
Locate and Disable the Spoofing Device: If the spoofing device is within your control (for example, an old or misconfigured access point), you should disable it or correct its configuration.
Increase Network Security: If the spoofing device isn't under your control, consider steps to increase your network's security. Enabling features like 802.1X authentication can help ensure that only authorized devices can connect.
Air Marshal Containment: As a last resort, Meraki's Air Marshal feature can "contain" the spoofing device, preventing it from connecting to your network. Note that this should be used sparingly, as it may have legal implications depending on your jurisdiction.
Check for Other Issues: If resolving the AP spoof alerts doesn't fix the disconnection issue, there may be other factors at play. These could include signal interference, network congestion, or issues with client devices. Tools like Meraki's Wireless Health feature can help diagnose these issues.
