Cisco WLC - WPA MIC Errors.....all AP's same syptoms

Discussion in 'Cisco' started by d.azzopardi@caeuk.com, Jun 27, 2007.

  1. Guest

    We have a 4402 controller using WPA 1 TKIP & 2 AES, and we are getting
    MIC Error counter measures on all AP's with clients connected.

    Most clients are Intel, but I have tested with my Cisco card too, and
    the same thing occurs.....you are associated with an AP, then it
    forces the MIC counter measure, and forces all clients off for 60
    seconds.

    Is this a controller hardware issue? as its the same with a default
    config
     
    , Jun 27, 2007
    #1
    1. Advertising

  2. crashed Echelon writing
    news::

    > Most clients are Intel, but I have tested with my Cisco card too, and
    > the same thing occurs.....you are associated with an AP, then it
    > forces the MIC counter measure, and forces all clients off for 60
    > seconds.
    >
    > Is this a controller hardware issue? as its the same with a default
    > config


    I have seen this on different vendor equipment. We never found any real
    good explanation for the behaviour, but what it seemed like was clients
    with Intel 2200BG cards and running with Intel Wireless Client.

    With newer updated driver and Windows XPs own WIFI zero configuration
    client, the problematic clients seemed to go away.

    --
    Bjarke Andersen
     
    Bjarke Andersen, Jun 27, 2007
    #2
    1. Advertising

  3. ~ We have a 4402 controller using WPA 1 TKIP & 2 AES, and we are getting
    ~ MIC Error counter measures on all AP's with clients connected.
    ~
    ~ Most clients are Intel, but I have tested with my Cisco card too, and
    ~ the same thing occurs.....you are associated with an AP, then it
    ~ forces the MIC counter measure, and forces all clients off for 60
    ~ seconds.
    ~
    ~ Is this a controller hardware issue? as its the same with a default
    ~ config

    No, this is not a controller hardware nor even software issue. As far
    as I know, this behavior, which is mandated by the WPA standard, is always
    triggered by a client bug.

    To fix this problem, fix the clients.

    To work around this problem, use WPA2-AES rather than WPA1-TKIP.

    Another workaround, if running 4.1, is to configure the WLC to (in
    violation of the standard) reduce the countermeasure hold-down
    period:

    (Cisco Controller) >config wlan security tkip hold-down 0 ?

    <WLAN id> Enter WLAN Identifier between 1 and 16.

    Regards,

    Aaron
     
    Aaron Leonard, Jun 28, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Comwood
    Replies:
    8
    Views:
    920
    Aaron Leonard
    Jun 15, 2006
  2. torey99
    Replies:
    1
    Views:
    579
    fruitbat
    Mar 6, 2009
  3. scott owens
    Replies:
    1
    Views:
    535
    Doug McIntyre
    Feb 10, 2010
  4. bod43
    Replies:
    1
    Views:
    2,170
    bod43
    Feb 10, 2010
  5. b_rizza
    Replies:
    0
    Views:
    4,600
    b_rizza
    May 21, 2010
Loading...

Share This Page