Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CCMP not encrypted violation

After upgrading our three WLC 5508 to version 7.5.102.0, the security log in Prime is flooded with:

-------------------------------------

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

-----------------------------------------

The clients seems to connect without any problem though.

I have searched the support forum but haven't found anything about this. What is causing this messages ?

16 REPLIES
New Member

CCMP not encrypted violation

For what is worth I am seeing the same errors since upgrading 7.5.102.0.

Re: CCMP not encrypted violation

you might want to open a TAC case

Sent from Cisco Technical Support iPhone App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

CCMP not encrypted violation

We're seing the same messages. I've gone ahead and opened a TAC case, as I couldn't find any reference to it in the bug navigator or documentation.

New Member

CCMP not encrypted violation

Hi Tvoll.

Did you get any solution from the TAC team?

New Member

CCMP not encrypted violation

Hi

I got the same problem after upgrading to 7.5.102.0.

And my clients complain about lost connections

Any solution ??

New Member

I have noticed that the issue

I have noticed that the issue is greatly diminished in version 7.6.130. I do not see hundreds of these messages a day anymore.

New Member

CCMP not encrypted violation

Current solution from TAC: turn down the priority of those alarms (i.e. ignore.) Client MFP is proprietary extension.

http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html

and

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

are the informational links we were given.

New Member

hi,vollHow to turn down the

hi,voll

How to turn down the priority of those alarms.

New Member

I have a few of the same

I have a few of the same errors on 7.4.110. Has anyone investigated their clients?

Here is a good primer for MFP http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/ManageFrameProt.pdf

Remember, MFP is a two way street and not all on Cisco's side. The client, as in anything wireless has the most control on the access and actions. Maybe you don't want it used in your environment because you are running a bunch of WNICs that have no idea what an MFP is or how to deal with it? If so turn if off of the BSS. I did until we upgraded. Also, if you have it turned on without WPA2, turn it off as it is worthless because it is only for secure connections. 

Cisco Employee

CCMP not encrypted violation

MFP traps are expected where clients go into power save mode and in busy environments (CSCsr20434 ) . Since this is as expected, logs are filled with unwanted traps with no way to disable.

An ENH (Enhancement) request is filed to correct this.

https://cdetsng.cisco.com/webui/#view=CSCtd34834CSCtd34834 MFP traps can not be disabled, filling logs on LWAPP/CAPWAP platforms

CSCtd34834 is an enhancement request and fix has not been implemented yet, so still valid on 7.5 code. You can request your TAC case to be marked on this bug and accounts team to push for bug resolution from BU if service impacting.

New Member

CCMP not encrypted violation

Went from 7.4 to 7.6- now getting flooded with these MFP alerts by the the thousands. Yee hah- never a dull moment with Cisco wireless updates.

New Member

CCMP not encrypted violation

We see issues with iPhones/iPads after 7.5 upgrade ( PEAP/MSCHAPV2 ) being disconnected and have to accept certificates again etc, I do see a lot of the MFP errors in the Prime log as well - can this MFP issue be a cause for disconnects of IOS7 devices ?

Hall of Fame Super Silver

CCMP not encrypted violation

What you can try and what I have done is to disable MFP protection and see how that works.  Or else post your show wlan

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
New Member

Re: CCMP not encrypted violation

I'm curious about this, as well as OSX Mav users now getting bumped off.

New Member

 Should be fixed in version

 

Should be fixed in version v8.0

BugID: CSCtd34834

 

https://tools.cisco.com/bugsearch/bug/CSCtd34834

 

Edit:

shankram already posted it :P

New Member

I've been flooded with the

I've been flooded with the same MFP anomaly trap "CCMP Not Encrypted" with the 7.6.120.0.

I still didn't upgrade to the wlc 8.0. I'm looking forward to solve this issue in the newer version.

 

Cheers

 

 

 

6773
Views
14
Helpful
16
Replies