All APs show red in cnMaestro, but passing traffic...

Records here show the most recent forum post on this from ~5 years ago.

Using cnMaestro (online), all APs (X7-35X) are red/not sync’ing. But firewall and switch show traffic. They all go out at the same time, but nothing going on ad-hoc or scheduled.

Logs just say a bunch of “WIFI_SPOOFED_ARP_DETECTED > Spoofed ARP detected from Client [4E-E2-62-1D-11-F6] Spoofed-MAC [4E-E2-62-1D-11-F6] IP [192…”, among other clients, right before they all: “STATUS_DOWN; 02 Mar 2025, 02:47 PM;
Device is offline.”

We have 3 sites in this area, each w/Fortiswitch, and from 10 to 12 in each site. Rebooting switch does nothing.

Where to start?

P.S. Does anyone know OTTOTH what the ports/protocols used to call the mothership are? I could put explicits in or trace…

TIA!

Devices communicate with cnMaestro via standard HTTPS WebSockets (port 443).

Thanks! Now we just need to figure out how/why mac addresses are being changed to the same mac address, and why this triggers the cnMaestro logs (WIFI_SPOOFED_ARP_DETECTED)

Not my area of expertise at all, but I would start by looking at the DHCP server to see if it is handing out the same IP address to multiple devices somehow (or perhaps a misconfigured router that is mishandling DHCP messages).