cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1308
Views
0
Helpful
3
Replies

Decrypt errors issue

java70
Level 1
Level 1

Hi everybody,

I got this trap massage on WLC.

The client failed to communicate, it was still associated wiht WLC though.

the trap massage log is blow

"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"

My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)

Thanks.

3 Replies 3

Stephen Rodriguez
Cisco Employee
Cisco Employee

What is the configuration of the WLAN? WEP, WPA/TKIP, WPA2/AES? any EAP, or just PSK?

can you paste the output of :

show wlan x ( x = WLAN ID)

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

We use Dynamic wep key, EAP-TTLS / PEAP.

I attach the output.

WLAN Identifier.................................. 1

Profile Name..................................... kssl

Network Name (SSID).............................. kssl

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Disabled

AAA Policy Override.............................. Disabled

Network Admission Control

NAC-State...................................... Disabled

Quarantine VLAN................................ 0

Number of Active Clients......................... 0

Exclusionlist.................................... Disabled

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

--More-- or (q)uit

Quality of Service............................... Silver (best effort)

WMM.............................................. Disabled

CCX - AironetIe Support.......................... Disabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ 10.10.9.44 1812

Authentication................................ 10.10.9.45 1812

Accounting.................................... 10.10.9.44 1813

Accounting.................................... 10.10.9.45 1813

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Enabled

--More-- or (q)uit

Encryption:..................................... 104-bit WEP

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

IP Security Passthru.......................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

H-REAP Local Switching........................ Disabled

H-REAP Learn IP Address....................... Enabled

Infrastructure MFP protection................. Disabled

Client MFP.................................... Optional but inactive (WPA2 no

t configured)

Tkip MIC Countermeasure Hold-down Timer....... 60

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

Thank you.

those are superficial unless you are seeing actual client data throughput suffering or disconnects/reconnects frequentltly. this is supposed to be representative of the client not having or using the right decrypt keys during the data frame exchange/encryption. have you tried disabling the traps via the trap controls (wep decrypt errors) you can, if running s/w version equal or greater than 4.2.176 use the following command to disable them (whether using wpa2/aes 802.1x enterprise, and should for dynamic wep too,etc)

config trapflags 802.11-security wepDecryptError [enable/disable

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: