02-19-2008 06:58 PM - edited 07-03-2021 03:25 PM
Hi NetPro,
anyone who has encountered or seen this before ?
Error Msg - Two TKIP Michael MIC failures were detected within 0 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.
Warning Msg - Received TKIP Michael MIC failure report from the station 0019.d2be.fd3d on the packet (TSC=0x0) encrypted and protected by group key.
Warning Msg - Received TKIP Michael MIC failure report from the station 001b.7706.c63f on the packet (TSC=0x0) encrypted and protected by group key.
your reply will be higly appreciated.
thanks.
Regards,
Jack
02-19-2008 07:06 PM
You can find an explanation here:
http://cisco.com/en/US/docs/ios/12_4t/wlan/configuration/guide/wlcgerr.html
Error Message
DOT11-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected
within [number] seconds on [interface] interface. The interface will be put on MIC
failure hold state for next [number] seconds
Explanation Because MIC failures usually indicate an active attack on your network, the interface will be put on hold for the configured time. During this hold time, stations using TKIP ciphers are disassociated and cannot reassociate until the hold time ends. At the end of the hold time, the interface operates normally.
Recommended Action Michael MIC failures usually indicate an active attack on your network. Search for and remove potential rogue devices from your wireless LAN. If this is a false alarm and the interface should not be on hold this long, use the countermeasure tkip hold-time command to adjust the hold time.
02-19-2008 08:08 PM
Hi Fella,
thanks for your information, but would you mind to show / guide me how to do ?
your reply will be higly appreciated.
thanks.
regards,
Jack
02-20-2008 07:31 PM
Have you tried to use this command: countermeasure tkip hold-time????
countermeasure tkip hold-time
Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
countermeasure tkip hold-time seconds
Syntax Description
seconds
Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)
Defaults
TKIP holdtime is enabled by default, and the default holdtime is 60 seconds.
Command Modes
Configuration interface
02-06-2009 07:20 AM
Fella5,
Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)
is TKIP MIC hold is disabled or it does shutdown and come right back up....
I do see my user get disconnect and reconnect... and error message is MIC failure (WPA2/AES) user
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: