Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP1600 WPA-TKIP Clients Disconnect "Received TKIP Michael MIC failure"

Hello

Before I used  AP 1240 on lot of site with WPA-TKIP without issue .

Today I try the AP1600 with WPA-TKIP but my clients are disconnected after 1 minute with the below messages

"

*Mar   1 04:19:46.125: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael  MIC failure report from the station c0d9.6241.09f9 on the packet  (TSC=0x0) encrypted and protected by group key."

So  At the same place and with the same Client, the same SSID  with AP1240  my clients works fine with AP1600 my clients are disconnected so it's  not an environmmental problem

My AP1600 is in the last IOS version and I tried the command  " countermeasure tkip hold-time 0" without succes

So for me There is a Bug with AP1600 in WPA-TKIP authentification.

Have You got an idea about this problem

Do you think there is a bug or not ?

Thanks

2 REPLIES
New Member

AP1600 WPA-TKIP Clients Disconnect "Received TKIP Michael MIC fa

Hello, I has been a while since you posted this issue, but I got it too, so maybe this will help somebody else.

I was getting this logs:

____________________________________________________________________________________________________

%DOT11-6-ASSOC: Interface Dot11Radio0, Station XXXX.XXXX.XXXX Associated KEY_MGMT[WPA]

Oct 22 17:04:38.370: %DOT11-4-TKIP_MIC_FAILURE_REPORT:Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.

Oct 22 17:04:39.978: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.

Oct 22 17:04:39.978: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 1 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.

Oct 22 17:04:39.978: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station XXXX.XXXX.XXXX Reason: Invalid MIC

Oct 22 17:04:39.978: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client

____________________________________________________________________________________________________

I made several test changing the configuration of the AP (I am not able to change de wlan profile of the machines), but none of them was successfull.

Then I made last two successful tests:

The firts thing I tried (as a suggestion by googling and TAC) was to use encryption AES (just AES, NOT AES+TKIP) and it worked good. I didnt get desconnected and anything, but the issue was that the AP is going to work with clients that have to use TKIP becuase the wlan profile on the machine cant be changed that easily for different reasons.

The last one was to go to another room where there is very few wlan signal noise around (where I was originaly testing the AP, there are a lot of SSIDs flying around).

And that was it, using TKIP on this new room work just perfect.

I hope this helps

Regards

Karla

New Member

i confirm ! Changing

i confirm !

 

Changing encryption mode doeas the trick.

 

AES+TKIP not good

1733
Views
5
Helpful
2
Replies
CreatePlease to create content