WCS issue

Unanswered Question
Apr 13th, 2009

I have an issue with a WCS log. I am receiving an "MFP anomaly detected-1 Invalid sequence number" message in my WCS, and a couple of radio interfaces of APs are constantly going down and up.

Could someone give an explanation for this issue?


runningboy01 Mon, 04/13/2009 - 11:54

I've seen the "MFP anomaly detected" before but never really researched it.

As for your interfaces of the APs going up and down, do you have RLDP (Rogue Location Discovery Protocol) turned on? If so, I believe that is why your interfaces are going up and down. If they are only going up and down for a brief millisecond, that is likely why, I believe.

ariel.aguirre Mon, 04/13/2009 - 12:12

Yes, my radio interfaces are going up and down for a brief millisecond, and it didn't happen in the past; this issue is recent.

dbentley Tue, 04/14/2009 - 11:20

The controller may generate "MFP Anomaly Detected" alarms, which are reported as 'Invalid MIC' events. The alarms may originate from many different valid APs.

This condition does not affect the operation of the access points. These messages can be normal in the course of AP operation, etc., and Cisco typically recommends that MFP be disabled so that it does not cause client issues, since this is especially seen with older clients (or clients not having the most up-to-date drivers).

A workaround would be to disable and then re-enable the access points identified in the messages, or you can try and disable MFP validation on some of the APs, or disable Infrastructure MFP globally.

This can be done from the WLC GUI at Security -> Wireless Protection Policies -> AP Authentication/MFP, or by using the WLC CLI command: config wps mfp infrastructure disable

mkluemper Wed, 04/15/2009 - 07:42

I'm curious - you stated "and Cisco typically recommends that MFP be disabled" - where did you get that information? My understanding was that MFP should be enabled, and optional for the clients. currently running at this particular customer.

dbentley Wed, 04/15/2009 - 08:25

That was given to me directly from TAC. We are running 4.2.130 and 4.2.176 special.