Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10652
Views
7
Helpful
4
Replies

Two TKIP Michael MIC failures were detected within 0 seconds on Dot11Radio0

ney25
Level 2
Level 2

‎02-19-2008 06:58 PM - edited ‎07-03-2021 03:25 PM

Hi NetPro,

anyone who has encountered or seen this before ?

Error Msg - Two TKIP Michael MIC failures were detected within 0 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.

Warning Msg - Received TKIP Michael MIC failure report from the station 0019.d2be.fd3d on the packet (TSC=0x0) encrypted and protected by group key.

Warning Msg - Received TKIP Michael MIC failure report from the station 001b.7706.c63f on the packet (TSC=0x0) encrypted and protected by group key.

your reply will be higly appreciated.

thanks.

Regards,

Jack

Labels:
0 Helpful
4 Replies 4

Scott Fella
Hall of Fame
Hall of Fame

‎02-19-2008 07:06 PM

You can find an explanation here:

http://cisco.com/en/US/docs/ios/12_4t/wlan/configuration/guide/wlcgerr.html

Error Message

DOT11-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected

within [number] seconds on [interface] interface. The interface will be put on MIC

failure hold state for next [number] seconds

Explanation Because MIC failures usually indicate an active attack on your network, the interface will be put on hold for the configured time. During this hold time, stations using TKIP ciphers are disassociated and cannot reassociate until the hold time ends. At the end of the hold time, the interface operates normally.

Recommended Action Michael MIC failures usually indicate an active attack on your network. Search for and remove potential rogue devices from your wireless LAN. If this is a false alarm and the interface should not be on hold this long, use the countermeasure tkip hold-time command to adjust the hold time.

-Scott
*** Please rate helpful posts ***

ney25
Level 2
Level 2
In response to Scott Fella

‎02-19-2008 08:08 PM

Hi Fella,

thanks for your information, but would you mind to show / guide me how to do ?

your reply will be higly appreciated.

thanks.

regards,

Jack

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to ney25

‎02-20-2008 07:31 PM

Have you tried to use this command: countermeasure tkip hold-time????

countermeasure tkip hold-time

Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.

countermeasure tkip hold-time seconds

Syntax Description

seconds

Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)

Defaults

TKIP holdtime is enabled by default, and the default holdtime is 60 seconds.

Command Modes

Configuration interface

-Scott
*** Please rate helpful posts ***
0 Helpful

stanleyworks
Level 1
Level 1
In response to Scott Fella

‎02-06-2009 07:20 AM

Fella5,

Specifies the length of the TKIP holdtime in seconds (if the holdtime is 0, TKIP MIC failure hold is disabled)

is TKIP MIC hold is disabled or it does shutdown and come right back up....

I do see my user get disconnect and reconnect... and error message is MIC failure (WPA2/AES) user

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card