02-06-2009 06:31 AM - edited 07-03-2021 05:07 PM
I am running WPA/TKIP and WPA2/AES.
However, the users (TKIP and AES) keep get disconnect with the error MIC failure.
I thought there is a bug on TKIP to inject a frame and cause the radio went down. so we change the "config wlan security tkip hold-down 0 <id>" the problem still there
Please help
02-12-2009 04:16 PM
This error message is printed when ever a packet with the message header fails the MIC check. This happens very rarely whenever the packets with error get past the MAC level. Also may happen during the transition phase of the encryption key change.
http://www.cisco.com/en/US/docs/ios/12_4t/wlan/configuration/guide/wlcgerr.html
02-17-2009 11:43 AM
I guess your workaround does not work, because the client still gets disassociated. It will just reconnect, because the hold-time is set to zero. But setting the hold-time to zero won't disable the security feature (it's in the 802.11i Standard - you know).
When a MIC failure happens, the WLC has to:
- Generate a log message!
- If it's the second MIC failure within 60 seconds, the TKIP communication is shut down for
03-25-2009 11:38 AM
Try the following command in the config mode:
countermeasure tkip hold-time 0
Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
I had the same problem earlier this week and that command was suggested by Cisco. It fixed that drop off problem.
03-25-2009 11:43 AM
To us only way to solve this issue by disable tkip and enable AES only.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: