Two TKIP Michael MIC failures were detected within 0 seconds on Dot11Radio0

Unanswered Question
Feb 19th, 2008
User Badges:

Hi NetPro,


anyone who has encountered or seen this before ?


Error Msg - Two TKIP Michael MIC failures were detected within 0 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.


Warning Msg - Received TKIP Michael MIC failure report from the station 0019.d2be.fd3d on the packet (TSC=0x0) encrypted and protected by group key.



Warning Msg - Received TKIP Michael MIC failure report from the station 001b.7706.c63f on the packet (TSC=0x0) encrypted and protected by group key.


your reply will be higly appreciated.


thanks.


Regards,

Jack

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Scott Fella Tue, 02/19/2008 - 19:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You can find an explanation here:


http://cisco.com/en/US/docs/ios/12_4t/wlan/configuration/guide/wlcgerr.html


Error Message


DOT11-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected

within [number] seconds on [interface] interface. The interface will be put on MIC

failure hold state for next [number] seconds


Explanation Because MIC failures usually indicate an active attack on your network, the interface will be put on hold for the configured time. During this hold time, stations using TKIP ciphers are disassociated and cannot reassociate until the hold time ends. At the end of the hold time, the interface operates normally.


Recommended Action Michael MIC failures usually indicate an active attack on your network. Search for and remove potential rogue devices from your wireless LAN. If this is a false alarm and the interface should not be on hold this long, use the countermeasure tkip hold-time command to adjust the hold time.

ney25 Tue, 02/19/2008 - 20:08
User Badges:

Hi Fella,


thanks for your information, but would you mind to show / guide me how to do ?


your reply will be higly appreciated.


thanks.


regards,

Jack

Scott Fella Wed, 02/20/2008 - 19:31
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Have you tried to use this command: countermeasure tkip hold-time????


countermeasure tkip hold-time

Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.


countermeasure tkip hold-time seconds


Syntax Description

seconds

Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)


Defaults

TKIP holdtime is enabled by default, and the default holdtime is 60 seconds.


Command Modes

Configuration interface



stanleyworks Fri, 02/06/2009 - 07:20
User Badges:

Fella5,


Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)


is TKIP MIC hold is disabled or it does shutdown and come right back up....


I do see my user get disconnect and reconnect... and error message is MIC failure (WPA2/AES) user

Actions

This Discussion