08-18-2013 10:08 PM - edited 07-04-2021 12:40 AM
After upgrading our three WLC 5508 to version 7.5.102.0, the security log in Prime is flooded with:
-------------------------------------
MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have
originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was
associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the
radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when
observing 'Association Response' frames.
MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have
originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was
associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the
radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when
observing 'Association Response' frames.
-----------------------------------------
The clients seems to connect without any problem though.
I have searched the support forum but haven't found anything about this. What is causing this messages ?
08-20-2013 11:16 AM
For what is worth I am seeing the same errors since upgrading 7.5.102.0.
08-20-2013 03:54 PM
you might want to open a TAC case
Sent from Cisco Technical Support iPhone App
08-21-2013 08:22 AM
We're seing the same messages. I've gone ahead and opened a TAC case, as I couldn't find any reference to it in the bug navigator or documentation.
08-26-2013 11:08 PM
Hi Tvoll.
Did you get any solution from the TAC team?
09-26-2013 11:55 PM
Hi
I got the same problem after upgrading to 7.5.102.0.
And my clients complain about lost connections
Any solution ??
10-27-2014 08:17 AM
I have noticed that the issue is greatly diminished in version 7.6.130. I do not see hundreds of these messages a day anymore.
09-27-2013 07:03 AM
Current solution from TAC: turn down the priority of those alarms (i.e. ignore.) Client MFP is proprietary extension.
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html
and
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml
are the informational links we were given.
05-15-2014 08:20 PM
hi,voll
How to turn down the priority of those alarms.
07-02-2014 01:46 PM
I have a few of the same errors on 7.4.110. Has anyone investigated their clients?
Here is a good primer for MFP http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/ManageFrameProt.pdf
Remember, MFP is a two way street and not all on Cisco's side. The client, as in anything wireless has the most control on the access and actions. Maybe you don't want it used in your environment because you are running a bunch of WNICs that have no idea what an MFP is or how to deal with it? If so turn if off of the BSS. I did until we upgraded. Also, if you have it turned on without WPA2, turn it off as it is worthless because it is only for secure connections.
09-27-2013 03:33 PM
MFP traps are expected where clients go into power save mode and in busy environments (CSCsr20434 ) . Since this is as expected, logs are filled with unwanted traps with no way to disable.
An ENH (Enhancement) request is filed to correct this.
https://cdetsng.cisco.com/webui/#view=CSCtd34834CSCtd34834 MFP traps can not be disabled, filling logs on LWAPP/CAPWAP platforms
CSCtd34834 is an enhancement request and fix has not been implemented yet, so still valid on 7.5 code. You can request your TAC case to be marked on this bug and accounts team to push for bug resolution from BU if service impacting.
01-12-2014 10:33 AM
Went from 7.4 to 7.6- now getting flooded with these MFP alerts by the the thousands. Yee hah- never a dull moment with Cisco wireless updates.
01-15-2014 05:37 AM
We see issues with iPhones/iPads after 7.5 upgrade ( PEAP/MSCHAPV2 ) being disconnected and have to accept certificates again etc, I do see a lot of the MFP errors in the Prime log as well - can this MFP issue be a cause for disconnects of IOS7 devices ?
01-15-2014 07:12 AM
What you can try and what I have done is to disable MFP protection and see how that works. Or else post your show wlan
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-29-2014 12:41 PM
I'm curious about this, as well as OSX Mav users now getting bumped off.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide