TKIP MIC failures

Discussion in 'Cisco' started by Timo, Mar 8, 2005.

  1. Timo

    Timo Guest

    Hey

    Ive got a few AP1200's that Ive just deployed. Most only have 1 or 2
    associations right now as Im ramping it up for production.

    Ive got 1 client an IBM laptop with an Intel 2200BG card that keeps
    causing these errors on the AP.

    %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure
    report from the station 000e.3568.a238 on the packet (TSC=0x0)
    encrypted and protected by pairwise key.

    I see these 1 every few minutes, sometimes it will happen more often
    and then the radio interface is put on hold and all my WPA clients are
    disassociated. All WPA clients diassociated is bad.

    %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were
    detected within 0 seconds on Dot11Radio0 interface. The interface will
    be put on MIC failure hold state for next 60 seconds.


    So I read some about these messages and they point to someone attackign
    my AP but these are being generated by MAC Addrs that are friendly.

    Heres the rundown on my setup, Cisco AP1200's IOS 12.3(2)JA configed
    for WPA \TKIP with a MS IAS RADIUS server backend.

    Anyone ever see these errors before ? Thanks

    Timo
     
    Timo, Mar 8, 2005
    #1
    1. Advertising

  2. Timo

    Uli Link Guest

    Timo schrieb:

    > Ive got 1 client an IBM laptop with an Intel 2200BG card that keeps
    > causing these errors on the AP.


    Update the drivers. Since the 2200BG uses even the CCX compatibility
    label, blame Intel for their drivers.

    > So I read some about these messages and they point to someone attackign
    > my AP but these are being generated by MAC Addrs that are friendly.

    ´
    Until now, a setup with WPA with 802.1x PEAP using TKIP/Michael can be
    considered safe.

    > Anyone ever see these errors before ? Thanks


    Not the same, but I remember that a Intel 2101B WLAN card wasn't able to
    use broadcast key rotation together with 802.1x. So I avoid Centrino and
    use cards with better drivers. Atheros based cards work fine.

    --
    Uli

    These opinions are mine. All found typos are yours.
     
    Uli Link, Mar 8, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Al Blake

    Set TKIP through a GPO?

    Al Blake, Oct 11, 2004, in forum: Wireless Networking
    Replies:
    4
    Views:
    3,616
    Joshua Teague [MSFT]
    Oct 21, 2004
  2. Rich D

    Can't share files with TKIP

    Rich D, Jun 28, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    485
    Rich D
    Jun 28, 2005
  3. Fernando Enriquez

    TKIP Michael MIC problems

    Fernando Enriquez, Jun 30, 2005, in forum: Cisco
    Replies:
    2
    Views:
    6,003
    Fernando Enriquez
    Jul 4, 2005
  4. torey99
    Replies:
    1
    Views:
    649
    fruitbat
    Mar 6, 2009
  5. b_rizza
    Replies:
    0
    Views:
    4,750
    b_rizza
    May 21, 2010
Loading...

Share This Page