Systems, methods, and related technologies including media access control (MAC) address spoofing detection are described. The MAC address spoofing detection and response may include accessing a first MAC address associated with a first communication on a first port of a first network device and accessing a second MAC address associated with a second communication on a second port of a second network device. Whether the first MAC address and the second MAC address match may be determined. Information associated with a third communication associated with the first MAC address on the first port of the first network device and information associated with a fourth communication associated with the second MAC address on the second port of the second network device may be accessed. An action may be performed associated with the second port of the second network device based on the second MAC address matching the first MAC address.