cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

7134
Views
14
Helpful
16
Replies
Beginner

CCMP not encrypted violation

After upgrading our three WLC 5508 to version 7.5.102.0, the security log in Prime is flooded with:

-------------------------------------

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

-----------------------------------------

The clients seems to connect without any problem though.

I have searched the support forum but haven't found anything about this. What is causing this messages ?

16 REPLIES 16
Beginner

CCMP not encrypted violation

For what is worth I am seeing the same errors since upgrading 7.5.102.0.

Re: CCMP not encrypted violation

you might want to open a TAC case

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Beginner

CCMP not encrypted violation

We're seing the same messages. I've gone ahead and opened a TAC case, as I couldn't find any reference to it in the bug navigator or documentation.

Beginner

CCMP not encrypted violation

Hi Tvoll.

Did you get any solution from the TAC team?

CCMP not encrypted violation

Hi

I got the same problem after upgrading to 7.5.102.0.

And my clients complain about lost connections

Any solution ??

Beginner

I have noticed that the issue

I have noticed that the issue is greatly diminished in version 7.6.130. I do not see hundreds of these messages a day anymore.

Highlighted
Beginner

CCMP not encrypted violation

Current solution from TAC: turn down the priority of those alarms (i.e. ignore.) Client MFP is proprietary extension.

http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html

and

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

are the informational links we were given.

Beginner

hi,vollHow to turn down the

hi,voll

How to turn down the priority of those alarms.

Beginner

I have a few of the same

I have a few of the same errors on 7.4.110. Has anyone investigated their clients?

Here is a good primer for MFP http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/ManageFrameProt.pdf

Remember, MFP is a two way street and not all on Cisco's side. The client, as in anything wireless has the most control on the access and actions. Maybe you don't want it used in your environment because you are running a bunch of WNICs that have no idea what an MFP is or how to deal with it? If so turn if off of the BSS. I did until we upgraded. Also, if you have it turned on without WPA2, turn it off as it is worthless because it is only for secure connections. 

Cisco Employee

CCMP not encrypted violation

MFP traps are expected where clients go into power save mode and in busy environments (CSCsr20434 ) . Since this is as expected, logs are filled with unwanted traps with no way to disable.

An ENH (Enhancement) request is filed to correct this.

https://cdetsng.cisco.com/webui/#view=CSCtd34834CSCtd34834 MFP traps can not be disabled, filling logs on LWAPP/CAPWAP platforms

CSCtd34834 is an enhancement request and fix has not been implemented yet, so still valid on 7.5 code. You can request your TAC case to be marked on this bug and accounts team to push for bug resolution from BU if service impacting.

Beginner

CCMP not encrypted violation

Went from 7.4 to 7.6- now getting flooded with these MFP alerts by the the thousands. Yee hah- never a dull moment with Cisco wireless updates.

CCMP not encrypted violation

We see issues with iPhones/iPads after 7.5 upgrade ( PEAP/MSCHAPV2 ) being disconnected and have to accept certificates again etc, I do see a lot of the MFP errors in the Prime log as well - can this MFP issue be a cause for disconnects of IOS7 devices ?

Hall of Fame Master

CCMP not encrypted violation

What you can try and what I have done is to disable MFP protection and see how that works.  Or else post your show wlan

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Beginner

Re: CCMP not encrypted violation

I'm curious about this, as well as OSX Mav users now getting bumped off.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards