[cereal_cable]

A switched port learns the Mac address for packets sent into it. If port 1 sends a packet with Mac a, the switch associates that address (a) to port 1. When another node sends a packet onto another port with the same mac, say on port 2, the switch will move the learned address a to port 2 and remove it from port 1.

When a switch has learned a mac address all traffic destined to that traffic would be immediately switched to that port. If the switch has no record for that specific mac address it floods all ports except the ingress port. This is expensive and means other devices receive traffic that isn't intended for them so they waste time dropping it.

So in networks that have no protections against those attacks then this could very well be a problem if there are multiple access points and the two nodes are on different access points.

[withinboredom]

Except that this is a normal thing on wireless networks. A station may roam many times within a few minutes, and due to reflections, may even be in more than one place at a time.

[richardwhiuk]

I believe a UE is only ever attached to a single BSSID for a given SSID at a time.

[withinboredom]

Let me tell you about 2km, directional links and reflections one day, over a beer.