Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WPA MIC alert questions

I have a few questions regarding WPA MIC errors which I seem to encounter quite frequently on the wireless network that I operate.

I'm running on WCS version

On my WLANs, most of them are configured with WPA and WPA2, with both encryption types (TKIP and AES) checked. My auth key mgmt is PSK.

I'm in a university environment so unfortunately most of the laptops connecting to the wireless are personal machines.

My questions are as follows:

1. Does the above configuration sound ideal? I am unsure if it is wise to have both WPA and WPA2 with both encryptions enabled or not. Could this be a cause of the WPA MIC alerts?

2. Also, I seem to recall mention about being able to configure the hold-time when a client triggers the WPA MIC alert. Would it be a good idea to lower the number from a default of 60?


Re: WPA MIC alert questions

1)Message Integrity Check (MIC) incorporated in Wi-Fi Protected Access (WPA) includes a frame counter which prevents a man-in-the-middle attack. This error means someone in the network is trying to replay the message that was sent by the original client, or it might mean that the client is faulty. If a client repeatedly fails the MIC check, the controller disables that WLAN for 60 seconds as per the WPA protocol requirements. This prevents a possible attack on the encryption scheme. These MIC errors cannot be turned off on the controllers.

2)Use the "countermeasure tkip hold-time" configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.Default is 60 seconds which is a good value to be configured.If needed the time can be reduced.

CreatePlease to create content