WIFI_SPOOFED_ARP_DETECTED

[mods: I have read the 2 other posts on this]

X7-35X (Various APs)
Out of 1,000 devices, it seems like 20-30 are creating this in the logs.
Who would spoof their own MAC?
Whole error (altered):

Spoofed ARP detected from Client [4E-14-CA-13-21-AC] Spoofed-MAC [4E-14-CA-13-21-AC] IP [IP of AP] on SSID [ABC-WiFi] Radio [2] count [1]

I need to figure out which this is:

  1. Totally normal,
  2. AP barfing on what it shouldn’t carp about,
  3. AP barfing on what it should carp about, and I need to isolate/investigate clients, or…
  4. Something else!

There is precious little here about this, and even filtering the logs doesn’t have this “Name”.
I’m thinking some comms from client, maybe during DHCP, is in some format the AP isn’t happy with?

Where to start?

TIA!

!
wireless wlan 1
no dynamic-arp-inspection
!

Here is the code you need to put in user defined overides.

Sorry to ask for context, but a friend said this was for the firewall. Is that true?

The log fills up with these messages because everything uses fake Mac addresses these days.