Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MIC failure

I am running WPA/TKIP and WPA2/AES.

However, the users (TKIP and AES) keep get disconnect with the error MIC failure.

I thought there is a bug on TKIP to inject a frame and cause the radio went down. so we change the "config wlan security tkip hold-down 0 <id>" the problem still there

Please help

4 REPLIES
Silver

Re: MIC failure

This error message is printed when ever a packet with the message header fails the MIC check. This happens very rarely whenever the packets with error get past the MAC level. Also may happen during the transition phase of the encryption key change.

http://www.cisco.com/en/US/docs/ios/12_4t/wlan/configuration/guide/wlcgerr.html

Re: MIC failure

I guess your workaround does not work, because the client still gets disassociated. It will just reconnect, because the hold-time is set to zero. But setting the hold-time to zero won't disable the security feature (it's in the 802.11i Standard - you know).

When a MIC failure happens, the WLC has to:

- Generate a log message!

- If it's the second MIC failure within 60 seconds, the TKIP communication is shut down for seconds. After the , the AP forces the clients to do the 4-way handshake again. That forces the client to disconnect shortly.

New Member

Re: MIC failure

Try the following command in the config mode:

countermeasure tkip hold-time 0

Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/command/reference/cr38main.html#wpmkr2533551

I had the same problem earlier this week and that command was suggested by Cisco. It fixed that drop off problem.

New Member

Re: MIC failure

To us only way to solve this issue by disable tkip and enable AES only.

5596
Views
0
Helpful
4
Replies
CreatePlease to create content