Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Decrypt errors issue

Hi everybody,

I got this trap massage on WLC.

The client failed to communicate, it was still associated wiht WLC though.

the trap massage log is blow

"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"

My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)

Thanks.

3 REPLIES

Re: Decrypt errors issue

What is the configuration of the WLAN? WEP, WPA/TKIP, WPA2/AES? any EAP, or just PSK?

can you paste the output of :

show wlan x ( x = WLAN ID)

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Decrypt errors issue

We use Dynamic wep key, EAP-TTLS / PEAP.

I attach the output.

WLAN Identifier.................................. 1

Profile Name..................................... kssl

Network Name (SSID).............................. kssl

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Disabled

AAA Policy Override.............................. Disabled

Network Admission Control

NAC-State...................................... Disabled

Quarantine VLAN................................ 0

Number of Active Clients......................... 0

Exclusionlist.................................... Disabled

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

--More-- or (q)uit

Quality of Service............................... Silver (best effort)

WMM.............................................. Disabled

CCX - AironetIe Support.......................... Disabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ 10.10.9.44 1812

Authentication................................ 10.10.9.45 1812

Accounting.................................... 10.10.9.44 1813

Accounting.................................... 10.10.9.45 1813

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Disabled

802.1X........................................ Enabled

--More-- or (q)uit

Encryption:..................................... 104-bit WEP

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

IP Security Passthru.......................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

H-REAP Local Switching........................ Disabled

H-REAP Learn IP Address....................... Enabled

Infrastructure MFP protection................. Disabled

Client MFP.................................... Optional but inactive (WPA2 no

t configured)

Tkip MIC Countermeasure Hold-down Timer....... 60

Mobility Anchor List

WLAN ID IP Address Status

------- --------------- ------

Thank you.

New Member

Re: Decrypt errors issue

those are superficial unless you are seeing actual client data throughput suffering or disconnects/reconnects frequentltly. this is supposed to be representative of the client not having or using the right decrypt keys during the data frame exchange/encryption. have you tried disabling the traps via the trap controls (wep decrypt errors) you can, if running s/w version equal or greater than 4.2.176 use the following command to disable them (whether using wpa2/aes 802.1x enterprise, and should for dynamic wep too,etc)

config trapflags 802.11-security wepDecryptError [enable/disable

763
Views
0
Helpful
3
Replies