[mods: I have read the 2 other posts on this]
X7-35X (Various APs)
Out of 1,000 devices, it seems like 20-30 are creating this in the logs.
Who would spoof their own MAC?
Whole error (altered):
Spoofed ARP detected from Client [4E-14-CA-13-21-AC] Spoofed-MAC [4E-14-CA-13-21-AC] IP [IP of AP] on SSID [ABC-WiFi] Radio [2] count [1]
I need to figure out which this is:
- Totally normal,
- AP barfing on what it shouldn’t carp about,
- AP barfing on what it should carp about, and I need to isolate/investigate clients, or…
- Something else!
There is precious little here about this, and even filtering the logs doesn’t have this “Name”.
I’m thinking some comms from client, maybe during DHCP, is in some format the AP isn’t happy with?
Where to start?
TIA!