09-17-2013 12:03 PM - edited 07-04-2021 12:51 AM
Hello
Before I used AP 1240 on lot of site with WPA-TKIP without issue .
Today I try the AP1600 with WPA-TKIP but my clients are disconnected after 1 minute with the below messages
"
*Mar 1 04:19:46.125: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station c0d9.6241.09f9 on the packet (TSC=0x0) encrypted and protected by group key."
So At the same place and with the same Client, the same SSID with AP1240 my clients works fine with AP1600 my clients are disconnected so it's not an environmmental problem
My AP1600 is in the last IOS version and I tried the command " countermeasure tkip hold-time 0" without succes
So for me There is a Bug with AP1600 in WPA-TKIP authentification.
Have You got an idea about this problem
Do you think there is a bug or not ?
Thanks
10-22-2013 03:34 PM
Hello, I has been a while since you posted this issue, but I got it too, so maybe this will help somebody else.
I was getting this logs:
____________________________________________________________________________________________________
%DOT11-6-ASSOC: Interface Dot11Radio0, Station XXXX.XXXX.XXXX Associated KEY_MGMT[WPA]
Oct 22 17:04:38.370: %DOT11-4-TKIP_MIC_FAILURE_REPORT:Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.
Oct 22 17:04:39.978: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC failure report from the station XXXX.XXXX.XXXX on the packet (TSC=0x0) encrypted and protected by group key.
Oct 22 17:04:39.978: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 1 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 60 seconds.
Oct 22 17:04:39.978: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station XXXX.XXXX.XXXX Reason: Invalid MIC
Oct 22 17:04:39.978: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client
____________________________________________________________________________________________________
I made several test changing the configuration of the AP (I am not able to change de wlan profile of the machines), but none of them was successfull.
Then I made last two successful tests:
The firts thing I tried (as a suggestion by googling and TAC) was to use encryption AES (just AES, NOT AES+TKIP) and it worked good. I didnt get desconnected and anything, but the issue was that the AP is going to work with clients that have to use TKIP becuase the wlan profile on the machine cant be changed that easily for different reasons.
The last one was to go to another room where there is very few wlan signal noise around (where I was originaly testing the AP, there are a lot of SSIDs flying around).
And that was it, using TKIP on this new room work just perfect.
I hope this helps
Regards
Karla
06-25-2014 03:25 AM
i confirm !
Changing encryption mode doeas the trick.
AES+TKIP not good
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide