Home > Wireless LAN > Monitoring and Reporting > Mitigating a Spoof

Mitigating a Spoof

Table of contents
No headers

A node will indicate a spoof if it detects another radio using the same SSID and MAC Address (spoofed). 

When a Spoof is seen, it will appear in Wireless > Monitor > Air Marshal on the Dashboard.

 

Spoofs cannot be contained or mitigated the same way a rogue or other SSID because you would be containing the Meraki network SSID as well. The only way to deal with a spoof is through a "Boots on the ground" approach. 

 

1. Start by determining which of the Access Points is being spoofed. The affected AP's MAC address can be seen under the spoof section of Monitor > Air Marshal on Dashboard (Figure 2).

2. When ready, Disable the particular AP being spoofed. Then, using a WI-FI scanner (such as inSSIDer) measure the signal strength of the SSID(Figure 3) and determine where it is strongest. This will require taking various strength measurements from multiple locations. This process will give a good idea of where the Spoofing device is located so appropriate actions can be taken to disconnect the device.

128da182-e911-443d-9e8c-4ccc87aeabf5

You must to post a comment.
Last modified
16:19, 26 Jul 2017

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community