@ZoloNN 

Yeah I get these sometimes and I dug down.  I found it was a multicast beacon some clients were sending out.  It was coming from a few clients.  

Some were hand scanners, which is weird.  I had few clients with "chatty" nics, replaced the nic and it stopped.  I know this is hardwired and your issue is wireless.  

Hi  @ZoloNN 

Thanks for posting here.

Is there any client plugged into the ETH port of the EAP615-wall units?

Did you search the MAC address C0-A8-20 in the logs? Is there any result?

ZoloNN wrote

hi all,

 

I found some strange entries in off-line client list since several weeks.

apparently something with random MAC tries to access my network via WiFi - traces are visible in offline client list:

 

what is strange:

• no IP assigned and no SSID info - apparently not associated with any WLAN
• Network shows default network
  • and AP/Port shows the PoE ports where only my EAP615-Wall(EU) v1.0 (with FW: 1.5.4)  are connected - not APs itself

 

and what is more strange:

• I cannot find anything in logs about the connection attempts........... 

 

please can someone explain to me what is going on and why there is nothing to find in logs?

 

hi @Vincent-TP,

as I wrote in my original post:

• only APs are on PoE ports, no daisy chaining - nothing connected to APs by cable
• nothing in logs with those MAC addresses

Vincent-TP wrote

Hi  @ZoloNN 

 

Thanks for posting here.

Is there any client plugged into the ETH port of the EAP615-wall units?

 

Did you search the MAC address C0-A8-20 in the logs? Is there any result?

Hi @GRL,

isn't the sniffing/scanning a passive operation - just listening?

if the controller gets the MAC - there must be obviously some connection attempt - probably attack attempt....

GRL wrote

 

Might be somehting trying to sniff the SSIDs, or something just consistently scanning for WiFi networks