cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8252
Views
14
Helpful
16
Replies

CCMP not encrypted violation

s.hellman
Level 1
Level 1

After upgrading our three WLC 5508 to version 7.5.102.0, the security log in Prime is flooded with:

-------------------------------------

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

-----------------------------------------

The clients seems to connect without any problem though.

I have searched the support forum but haven't found anything about this. What is causing this messages ?

16 Replies 16

burkmajo10
Level 1
Level 1

For what is worth I am seeing the same errors since upgrading 7.5.102.0.

you might want to open a TAC case

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

We're seing the same messages. I've gone ahead and opened a TAC case, as I couldn't find any reference to it in the bug navigator or documentation.

Hi Tvoll.

Did you get any solution from the TAC team?

Hi

I got the same problem after upgrading to 7.5.102.0.

And my clients complain about lost connections

Any solution ??

I have noticed that the issue is greatly diminished in version 7.6.130. I do not see hundreds of these messages a day anymore.

Current solution from TAC: turn down the priority of those alarms (i.e. ignore.) Client MFP is proprietary extension.

http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html

and

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

are the informational links we were given.

hi,voll

How to turn down the priority of those alarms.

I have a few of the same errors on 7.4.110. Has anyone investigated their clients?

Here is a good primer for MFP http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/ManageFrameProt.pdf

Remember, MFP is a two way street and not all on Cisco's side. The client, as in anything wireless has the most control on the access and actions. Maybe you don't want it used in your environment because you are running a bunch of WNICs that have no idea what an MFP is or how to deal with it? If so turn if off of the BSS. I did until we upgraded. Also, if you have it turned on without WPA2, turn it off as it is worthless because it is only for secure connections. 

Shankar Ramanathan
Cisco Employee
Cisco Employee

MFP traps are expected where clients go into power save mode and in busy environments (CSCsr20434 ) . Since this is as expected, logs are filled with unwanted traps with no way to disable.

An ENH (Enhancement) request is filed to correct this.

https://cdetsng.cisco.com/webui/#view=CSCtd34834CSCtd34834 MFP traps can not be disabled, filling logs on LWAPP/CAPWAP platforms

CSCtd34834 is an enhancement request and fix has not been implemented yet, so still valid on 7.5 code. You can request your TAC case to be marked on this bug and accounts team to push for bug resolution from BU if service impacting.

lbadman
Level 1
Level 1

Went from 7.4 to 7.6- now getting flooded with these MFP alerts by the the thousands. Yee hah- never a dull moment with Cisco wireless updates.

We see issues with iPhones/iPads after 7.5 upgrade ( PEAP/MSCHAPV2 ) being disconnected and have to accept certificates again etc, I do see a lot of the MFP errors in the Prime log as well - can this MFP issue be a cause for disconnects of IOS7 devices ?

What you can try and what I have done is to disable MFP protection and see how that works.  Or else post your show wlan

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

I'm curious about this, as well as OSX Mav users now getting bumped off.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: