Decrypt errors issue


Hi everybody,


I got this trap message on the WLC.


The client failed to communicate; it was still associated with the WLC, though.


The trap message log is below:


"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"


My wireless environment contains a WLC2106 (5.2) and 1131AG APs, with the client using ADU (v4.4).


Thanks.



Stephen Rodriguez Wed, 06/24/2009 - 08:23

What is the configuration of the WLAN? WEP, WPA/TKIP, WPA2/AES? Any EAP, or just PSK?


Can you paste the output of:


show wlan x ( x = WLAN ID)

We use a dynamic WEP key, EAP-TTLS / PEAP.


I attach the output.


WLAN Identifier.................................. 1

Profile Name..................................... kssl

Network Name (SSID).............................. kssl

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Disabled

AAA Policy Override.............................. Disabled

Network Admission Control


NAC-State...................................... Disabled

Quarantine VLAN................................ 0

Number of Active Clients......................... 0

Exclusionlist.................................... Disabled

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

--More-- or (q)uit

Quality of Service............................... Silver (best effort)

WMM.............................................. Disabled

CCX - AironetIe Support.......................... Disabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ 10.10.9.44 1812

Authentication................................ 10.10.9.45 1812

Accounting.................................... 10.10.9.44 1813

Accounting.................................... 10.10.9.45 1813

Local EAP Authentication......................... Disabled

Security


802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Enabled

--More-- or (q)uit

Encryption:..................................... 104-bit WEP

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

IP Security Passthru.......................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

H-REAP Local Switching........................ Disabled

H-REAP Learn IP Address....................... Enabled

Infrastructure MFP protection................. Disabled

Client MFP.................................... Optional but inactive (WPA2 not configured)

Tkip MIC Countermeasure Hold-down Timer....... 60


Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------





Thank you.




matthew.mckenna... Fri, 06/26/2009 - 05:18

Those are superficial unless you are seeing actual client data throughput suffering or frequent disconnects/reconnects. This is supposed to be representative of the client not having or using the right decrypt keys during the data frame exchange/encryption. Have you tried disabling the traps via the trap controls (WEP decrypt errors)? If you are running a s/w version equal to or greater than 4.2.176, you can use the following command to disable them (whether using WPA2/AES 802.1X enterprise, and it should for dynamic WEP too, etc.):


config trapflags 802.11-security wepDecryptError [enable/disable]
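
One way to tell whether these traps are isolated or recurring for a client before turning them off, as an added example that is not part of the thread: it parses the trap text quoted in the question and counts traps per client and AP. The sample lines after the first, the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# One or two hex digits per octet: the AP address in the trap quoted in this
# thread ends in a single digit ("...:9b:5"), so a strict MAC regex would miss it.
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
TRAP_RE = re.compile(
    r"Decrypt errors occurred for client (?P<client>" + MAC + r") using "
    r"(?P<key>\S+) key on (?P<radio>802\.11\S+) interface of AP (?P<ap>" + MAC + r")",
    re.IGNORECASE,
)

def parse_trap(line):
    """Return the client, key type, radio and AP named in one trap line, or None."""
    m = TRAP_RE.search(line)
    return {k: v.lower() for k, v in m.groupdict().items()} if m else None

def summarize(lines):
    """Group traps per client: how many were seen and on which APs."""
    summary = defaultdict(lambda: {"traps": 0, "aps": set()})
    for line in lines:
        trap = parse_trap(line)
        if trap:
            summary[trap["client"]]["traps"] += 1
            summary[trap["client"]]["aps"].add(trap["ap"])
    return dict(summary)

def repeated(summary, min_traps=3):
    """Clients at or above min_traps (the threshold is an assumption; tune it)."""
    return sorted(c for c, s in summary.items() if s["traps"] >= min_traps)

# Constructed sample: the first line is the trap from the thread; the rest are
# made-up lines using documentation-range MAC addresses.
SAMPLE = [
    "Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5",
    "Decrypt errors occurred for client 00:00:5e:00:53:01 using unknown key on 802.11a interface of AP 00:00:5e:00:53:a0",
    "Decrypt errors occurred for client 00:00:5e:00:53:01 using unknown key on 802.11a interface of AP 00:00:5e:00:53:a1",
    "Decrypt errors occurred for client 00:00:5e:00:53:01 using unknown key on 802.11a interface of AP 00:00:5e:00:53:a0",
    "Client 00:00:5e:00:53:02 associated to AP 00:00:5e:00:53:a0",  # not a decrypt trap
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for client in repeated(result):
        print(client, result[client]["traps"], sorted(result[client]["aps"]))
```

A client that keeps appearing here, especially across several APs, is the case worth investigating rather than silencing.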


