We have a 4402 controller using WPA 1 TKIP & 2 AES, and we are getting MIC Error counter measures on all AP's with clients connected.
Most clients are Intel, but I have tested with my Cisco card too, and the same thing occurs.....you are associated with an AP, then it forces the MIC counter measure, and forces all clients off for 60 seconds.
Is this a controller hardware issue? as its the same with a default config
Thanks for that....I managed to get this response from Cisco:
Per the WPA standard, if an AP should receive 2 or more MIC errored frames from a given client, then it is required to kick off all associated clients that are using TKIP and hold them off for 60 seconds.
The Intel clients are known to be susceptible to sending frames with MIC errors (so btw are 7920s, more rarely.) I believe that this problem has been fixed in the latest driver for the 2200/2915; unfortunately Intel has still not been able to fix the problem with its 3945/4965 clients. (We have not yet identified a client who is willing to sit still to let us troubleshoot this problem on a 3945.)
The workarounds for this problem, where you're getting hit by MIC errors from a client:
1. Use WPA2-AES instead of WPA-TKIP. It's a stronger crypto method and doesn't get MIC errors or have this 60-second holdoff thing.
2. Use dynamic WEP instead of WPA-TKIP. This is less appealing from a security standpoint, but may be the only way to go, if AES isn't an option (e.g. on the 7920.)
3. If you must use TKIP, then reduce the TKIP holdoff time (in violation of the spec) from 60 seconds to zero seconds:
aIOS: ap(config-if)#countermeasure tkip hold-time
WLC: config wlan security tkip hold-down
(this was implemented on the WLC in 4.1, via CSCsg56510)
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...