06-26-2009 06:46 AM - edited 07-03-2021 05:46 PM
Hi,
After seeing some TKIP-MIC errors for a few wireless clients and reading the benefits of AES over TKIP I switched our encryption to WPA-AES.
The majority of our clients have migrated well, however I am seeing a lot of decrypt errors on the wireless controllers.
"Decrypt errors occurred for client 00:21:63:ba:af:9f using WPA key on 802.11b/g interface of AP 00:1f:ca:82:c9:70"
It's not a particular machine, but rather a large number of them. They appear to be associating and authenticating but the trap log is filling quickly with a large number of these errors.
I'd prefer to stay with AES, but TKIP gave me a lot less errors.
We're using:
Cisco 4404 WLC's
Cisco 1131AG LWAPP's
RADIUS Authentication via Microsoft IAS
PEAP Authentication
WPA-AES
Thanks,
Rob
07-02-2009 04:44 AM
Wow, small world. I have the same behavior on my network.
I'm running the following...
-Cisco 1242's , LWAPP
-4402 WLC, 4.2.205.0
-MS IAS / RADIUS service
-Funk OAS RADIUS
-WPA2-AES
-PEAP MS-CHAPv2
07-07-2009 06:57 AM
I have seen this also, make sure your clients are running the latest version of the WLAN NIC drivers. We've found PEAP support to be improved with every new version of software.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide