MIC failure

Unanswered Question
Feb 6th, 2009

I am running WPA/TKIP and WPA2/AES.

However, the users (TKIP and AES) keep get disconnect with the error MIC failure.

I thought there is a bug on TKIP to inject a frame and cause the radio went down. so we change the "config wlan security tkip hold-down 0 <id>" the problem still there

Please help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Johannes Luther Tue, 02/17/2009 - 11:43

I guess your workaround does not work, because the client still gets disassociated. It will just reconnect, because the hold-time is set to zero. But setting the hold-time to zero won't disable the security feature (it's in the 802.11i Standard - you know).

When a MIC failure happens, the WLC has to:

- Generate a log message!

- If it's the second MIC failure within 60 seconds, the TKIP communication is shut down for seconds. After the , the AP forces the clients to do the 4-way handshake again. That forces the client to disconnect shortly.

wingchingleung Wed, 03/25/2009 - 11:38

Try the following command in the config mode:

countermeasure tkip hold-time 0

Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.


I had the same problem earlier this week and that command was suggested by Cisco. It fixed that drop off problem.

stanleyworks Wed, 03/25/2009 - 11:43

To us only way to solve this issue by disable tkip and enable AES only.


This Discussion