WLC 4.0.217.0 reporting Decrypt Errors

Unanswered Question
Jan 16th, 2008
User Badges:

Hi,


My customer is using Cisco WLC 4402 running 4.0.217.0 and is reporting that Wireless clients are getting disconnected and reconnected every half hour and when I check for the trapslog I get the following error messages.


Decrypt errors occurred for client 00:19:d2:76:2e:7e using WPA2 key on 802.11b/g interface of AP 0 0:1a:30:2e:c2:b0


AP's Interface:1(802.11a) Operation State Down: Base Radio :00:1a:30:2e:be:90 Cause=Heartbeat

Timeout


I have checked for known issues but couldn't find any pertaining the issue or error message.


Could someody help or share any info to find way out to troubleshoot as what is causing this issue.


Thanks in advance.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jsivulka Tue, 01/22/2008 - 10:14
User Badges:
  • Bronze, 100 points or more

Go into WCS or the WLC and go under Management and Trap Control. Uncheck the "WEP decrypt errors" box.


MichaelMarshall Wed, 02/13/2008 - 12:32
User Badges:

I am getting the same message. I tried turning off the WEP Decrypt Error check box, but am still getting the messages. I do not have any WEP clients on this VLAN, only EKG machines that are using WPA, TKIP with PSK. Does anyone have any other suggestions?

Scott Fella Sat, 02/16/2008 - 19:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

I have seen that error also.... unless you are having issues, don't worry about it. You should be able to turn it off from the WLC... If you use WCS to turn it off then verify the check box is not checked in the WLC.

matthew.mckenna... Tue, 07/01/2008 - 09:56
User Badges:

so we are now after disabling PEAP fast reconnect seeing tons of these errors. this is the trigger point that started creating these messages. prior to the disabling of the PEAP fast reconnect, we had clients who anywhere from 10-60 minutes would get kicked off associations with their AP. then within 1-3 seconds a reconnect would occur. a cisco TAC case engineer recommended that we take off PEAP fast reconnect.


here is the snmp-trap logs from the controller and our controller is running the following:


Software Version 4.2.112.0

System Name XXXWLC01

Up Time 7 days, 20 hours, 28 minutes

System Time Tue Jul 1 12:54:54 2008

Internal Temperature +33 C

802.11a Network State Disabled

802.11b/g Network State Enabled

Default Mobility Group apples





log output:


Tue Jul 1 12:45:05 2008 Decrypt errors occurred for client 00:19:d2:60:a1:71 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:20

1 Tue Jul 1 12:44:34 2008 Decrypt errors occurred for client 00:1d:e0:74:3c:b5 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2d:1a:00

2 Tue Jul 1 12:44:33 2008 Decrypt errors occurred for client 00:16:6f:6b:38:23 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10

3 Tue Jul 1 12:44:13 2008 Client Association Failure: Client MAC Address:00:13:ce:c3:81:d3, AP Base Radio MAC:00:1c:f9:2d:1a:00, Slot: 0, Reason:Unspecified, ReasonCode: 1

4 Tue Jul 1 12:43:52 2008 Decrypt errors occurred for client 00:16:6f:96:f8:98 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:62:a0

5 Tue Jul 1 12:43:48 2008 Decrypt errors occurred for client 00:1d:e0:32:5b:cb using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:26:40

6 Tue Jul 1 12:43:33 2008 Decrypt errors occurred for client 00:15:00:22:d8:31 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:bf:d0

7 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:15:00:43:10:5a using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:97:c0

8 Tue Jul 1 12:43:28 2008 Decrypt errors occurred for client 00:19:d2:27:75:c0 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5b:50

9 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:cf:68:f1 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0

10 Tue Jul 1 12:43:19 2008 Decrypt errors occurred for client 00:18:de:d5:39:f2 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:cb:e0

11 Tue Jul 1 12:42:58 2008 Decrypt errors occurred for client 00:18:de:cf:85:0d using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:c3:00

12 Tue Jul 1 12:42:51 2008 Decrypt errors occurred for client 00:1d:e0:76:79:27 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:5e:80

13 Tue Jul 1 12:42:35 2008 Decrypt errors occurred for client 00:1b:77:0b:c0:d6 using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:78:c0

14 Tue Jul 1 12:42:33 2008 Decrypt errors occurred for client 00:1b:77:0b:d8:4f using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2e:60:10

15 Tue Jul 1 12:42:31 2008 Decrypt errors occurred for client 00:16:6f:8f:52:cc using WPA2 key on 802.11b/g interface of AP 00:1c:f9:2f:0c:f0

matthew.mckenna... Tue, 07/01/2008 - 09:58
User Badges:

fast reconnect was disabled on our appliance ACS server. the interesting other side of this is that we have two merged companies SSIDs on this controller governed by a NAC solution. the primary SSID does not have these issues while the other SSID does. seperate SSIDs, ACS servers. the laptops range from 2200 to 3945 intel nics from both sides of the company.


thanks,


matt m.

MMeitzner Wed, 05/26/2010 - 06:17
User Badges:

Hi,


I know that it is quite late to answer but I found another interesting fact:

https://www.cisco.com/en/US/ts/fn/200/fn29258.html

There you can find some sizes of package are getting corrupted for AP1121G and AP1231G and producing the same errors.

After trying to connect onto other APs i recognized that I can authenticate. Maybe the authentication request got exactly that size to get corrupted and making the Decrypt Error. I only recognized the problem on my PC but others were working correctly.


Hope it helps when somebody else got the same issue.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode