Cisco WLC (WPA-TKIP) & iPad's - WPA MIC Error

Discussion in 'Cisco' started by b_rizza, May 21, 2010.

  1. b_rizza

    b_rizza

    Joined:
    May 21, 2010
    Messages:
    1
    Cisco WLC [WPA][Auth(802.1X)] & iPad's - WPA MIC Error

    Just throwing this out there to see if anyone else has experienced the same issue. I’m running a Cisco WLC 4402/ACS/ (WPA-TKIP)+PEAP, etc… Over the last few days, clients have been complaining about connectivity issues to the WLAN’s. We have centralized WLC’s @ our HQ location w/ all LAP’s terminating back to the POP. Users began complaining about sporadic Wireless connectivity, primarily @ HQ. Wireless users would have adequate signal, then drop & lose connectivity altogether. Occasionally they would roam to another LAP & connectivity would reestablish though in most cases, they were dead in the water until they bounced their interface or the LAP itself was rebooted.

    Looking at the logs I started seeing numerous errors similar to the following:

    29 Thu May 20 11:03:29 2010 WPA MIC Error counter measure activated on Radio with MAC 00:19:07:XX:XX:XX and Slot ID 1. Station MAC Address is d8:30:62:XX:XX:XX and WLAN ID is 3.

    I sifted through the logs for this error which was primarily associated w/ hardware address: d8:30:62:XX:XX:XX which the coffer mac-address lookup recognized as Apple, Inc. I collected a list of Mac users from IT Support & spammed the site attempting to track the source user. (Mac-Address was not listed as a connected client via the WLC client log) Soon enough, there was a match & the match happened to be a recently acquired iPad. We started seeing other AP’s drop with matches once again to Apple Inc. traced again to... You Guessed it, other iPad’s.

    To temporarily remedy the situation, I disabled Message Integrity Check’s on each of the WLAN’s which has stabilized our Wireless Environment, less (MIC) which would be one less check for legitimate MITM attacks.

    Command used via CLI to the WLC:

    config wlan security tkip hold-down <0-60 seconds> <wlan id>

    I set for 0 seconds on each WLAN (requires disabling each WLAN individually via the WebUI or else the command execution will fail), followed by a “save config”. Don’t ask me if it actually writes this setting to the config since It’s nowhere to be found in the WebUI. I guess I’ll find out should we bounce this thing in the future. One thing to keep in mind, You CANNOT turn the MIC Check’s off in WLC’s versions older than version 4.1. We haven’t updated ours in quite awhile though we’re currently running 5.2.157.0 which worked out perfectly.

    Could it be a faulty wireless card on the iPad? Maybe… The fact that it affected multiple iPad’s causing failures on every AP on every floor would either point to a bad batch OR, more than likely a behavior/driver issue of the iPad itself. Great product in general though also doubles up as a sneaker-net DDoS for Cisco WLANs. Hopefully a fix will be found soon…

    Seacrest Out…
    Last edited: May 21, 2010
    b_rizza, May 21, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Timo

    TKIP MIC failures

    Timo, Mar 8, 2005, in forum: Cisco
    Replies:
    1
    Views:
    7,498
    Uli Link
    Mar 8, 2005
  2. Peter
    Replies:
    5
    Views:
    4,418
    Peter
    Apr 9, 2005
  3. Fernando Enriquez

    TKIP Michael MIC problems

    Fernando Enriquez, Jun 30, 2005, in forum: Cisco
    Replies:
    2
    Views:
    5,801
    Fernando Enriquez
    Jul 4, 2005
  4. d.azzopardi@caeuk.com

    Cisco WLC - WPA MIC Errors.....all AP's same syptoms

    d.azzopardi@caeuk.com, Jun 27, 2007, in forum: Cisco
    Replies:
    2
    Views:
    5,122
    Aaron Leonard
    Jun 28, 2007
  5. torey99
    Replies:
    1
    Views:
    559
    fruitbat
    Mar 6, 2009
Loading...

Share This Page