This error message is printed when ever a packet with the message header fails the MIC check. This happens very rarely whenever the packets with error get past the MAC level. Also may happen during the transition phase of the encryption key change.
I guess your workaround does not work, because the client still gets disassociated. It will just reconnect, because the hold-time is set to zero. But setting the hold-time to zero won't disable the security feature (it's in the 802.11i Standard - you know).
When a MIC failure happens, the WLC has to:
- Generate a log message!
- If it's the second MIC failure within 60 seconds, the TKIP communication is shut down for seconds. After the , the AP forces the clients to do the 4-way handshake again. That forces the client to disconnect shortly.
Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...