Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2559
Views
5
Helpful
2
Replies

AP1600 WPA-TKIP Clients Disconnect "Received TKIP Michael MIC failure"

infologic
Level 1
Level 1

‎09-17-2013 12:03 PM - edited ‎07-04-2021 12:51 AM

Hello

Before I used  AP 1240 on lot of site with WPA-TKIP without issue .

Today I try the AP1600 with WPA-TKIP but my clients are disconnected after 1 minute with the below messages

"

*Mar   1 04:19:46.125: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael  MIC failure report from the station c0d9.6241.09f9 on the packet  (TSC=0x0) encrypted and protected by group key."

So  At the same place and with the same Client, the same SSID  with AP1240  my clients works fine with AP1600 my clients are disconnected so it's  not an environmmental problem

My AP1600 is in the last IOS version and I tried the command  " countermeasure tkip hold-time 0" without succes

So for me There is a Bug with AP1600 in WPA-TKIP authentification.

Have You got an idea about this problem

Do you think there is a bug or not ?

Thanks

1 person had this problem
Labels:
0 Helpful
2 Replies 2

cisnerosk
Level 1
Level 1

‎10-22-2013 03:34 PM

Hello, I has been a while since you posted this issue, but I got it too, so maybe this will help somebody else.

I was getting this logs:

____________________________________________________________________________________________________

%DOT11-6-ASSOC: Interface Dot11Radio0, Station XXXX.XXXX.XXXX Associated KEY_MGMT[WPA]

Oct 22 17:04:38.370: %DOT11-4-TKIP_MIC_FAILURE_REPORT:Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.

Oct 22 17:04:39.978: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.

Oct 22 17:04:39.978: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 1 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.

Oct 22 17:04:39.978: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station XXXX.XXXX.XXXX Reason: Invalid MIC

Oct 22 17:04:39.978: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client

____________________________________________________________________________________________________

I made several test changing the configuration of the AP (I am not able to change de wlan profile of the machines), but none of them was successfull.

Then I made last two successful tests:

The firts thing I tried (as a suggestion by googling and TAC) was to use encryption AES (just AES, NOT AES+TKIP) and it worked good. I didnt get desconnected and anything, but the issue was that the AP is going to work with clients that have to use TKIP becuase the wlan profile on the machine cant be changed that easily for different reasons.

The last one was to go to another room where there is very few wlan signal noise around (where I was originaly testing the AP, there are a lot of SSIDs flying around).

And that was it, using TKIP on this new room work just perfect.

I hope this helps

Regards

Karla

troublestarter
Level 1
Level 1
In response to cisnerosk

‎06-25-2014 03:25 AM

i confirm !

 

Changing encryption mode doeas the trick.

 

AES+TKIP not good

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card