WIFI_SPOOFED_ARP_DETECTED

Patrick_Trainor · March 6, 2025, 6:59am

[mods: I have read the 2 other posts on this]

X7-35X (Various APs)
Out of 1,000 devices, it seems like 20-30 are creating this in the logs.
Who would spoof their own MAC?
Whole error (altered):

Spoofed ARP detected from Client [4E-14-CA-13-21-AC] Spoofed-MAC [4E-14-CA-13-21-AC] IP [IP of AP] on SSID [ABC-WiFi] Radio [2] count [1]

I need to figure out which this is:

Totally normal,
AP barfing on what it shouldn’t carp about,
AP barfing on what it should carp about, and I need to isolate/investigate clients, or…
Something else!

There is precious little here about this, and even filtering the logs doesn’t have this “Name”.
I’m thinking some comms from client, maybe during DHCP, is in some format the AP isn’t happy with?

Where to start?

TIA!

Springs · March 10, 2025, 4:38pm

!
wireless wlan 1
no dynamic-arp-inspection
!

Here is the code you need to put in user defined overides.

Patrick_Trainor · March 17, 2025, 1:34am

Sorry to ask for context, but a friend said this was for the firewall. Is that true?

Springs · March 17, 2025, 2:05am

The log fills up with these messages because everything uses fake Mac addresses these days.