cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7372
Views
14
Helpful
16
Replies
Highlighted
Beginner

CCMP not encrypted violation

After upgrading our three WLC 5508 to version 7.5.102.0, the security log in Prime is flooded with:

-------------------------------------

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

MFP Anomaly Detected - 10 'CCMP Not Encrypted' violation(s) have

originated from the Client with MAC '04:f7:e4:d2:e7:11' while it was

associated to the BSS '84:78:ac:de:b4:3e'. This was detected by the

radio with Slot ID '1' of the AP with MAC '84:78:ac:de:b4:30' when

observing 'Association Response' frames.

-----------------------------------------

The clients seems to connect without any problem though.

I have searched the support forum but haven't found anything about this. What is causing this messages ?

16 REPLIES 16
Highlighted
Beginner

For what is worth I am seeing the same errors since upgrading 7.5.102.0.

Highlighted

you might want to open a TAC case

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Highlighted

We're seing the same messages. I've gone ahead and opened a TAC case, as I couldn't find any reference to it in the bug navigator or documentation.

Highlighted

Hi Tvoll.

Did you get any solution from the TAC team?

Highlighted

Hi

I got the same problem after upgrading to 7.5.102.0.

And my clients complain about lost connections

Any solution ??

Highlighted

I have noticed that the issue is greatly diminished in version 7.6.130. I do not see hundreds of these messages a day anymore.

Highlighted

Current solution from TAC: turn down the priority of those alarms (i.e. ignore.) Client MFP is proprietary extension.

http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html

and

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

are the informational links we were given.

Highlighted

hi,voll

How to turn down the priority of those alarms.

Highlighted

I have a few of the same errors on 7.4.110. Has anyone investigated their clients?

Here is a good primer for MFP http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/ManageFrameProt.pdf

Remember, MFP is a two way street and not all on Cisco's side. The client, as in anything wireless has the most control on the access and actions. Maybe you don't want it used in your environment because you are running a bunch of WNICs that have no idea what an MFP is or how to deal with it? If so turn if off of the BSS. I did until we upgraded. Also, if you have it turned on without WPA2, turn it off as it is worthless because it is only for secure connections. 

Highlighted
Cisco Employee

MFP traps are expected where clients go into power save mode and in busy environments (CSCsr20434 ) . Since this is as expected, logs are filled with unwanted traps with no way to disable.

An ENH (Enhancement) request is filed to correct this.

https://cdetsng.cisco.com/webui/#view=CSCtd34834CSCtd34834 MFP traps can not be disabled, filling logs on LWAPP/CAPWAP platforms

CSCtd34834 is an enhancement request and fix has not been implemented yet, so still valid on 7.5 code. You can request your TAC case to be marked on this bug and accounts team to push for bug resolution from BU if service impacting.

Highlighted
Beginner

Went from 7.4 to 7.6- now getting flooded with these MFP alerts by the the thousands. Yee hah- never a dull moment with Cisco wireless updates.

Highlighted

We see issues with iPhones/iPads after 7.5 upgrade ( PEAP/MSCHAPV2 ) being disconnected and have to accept certificates again etc, I do see a lot of the MFP errors in the Prime log as well - can this MFP issue be a cause for disconnects of IOS7 devices ?

Highlighted

What you can try and what I have done is to disable MFP protection and see how that works.  Or else post your show wlan

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Highlighted

I'm curious about this, as well as OSX Mav users now getting bumped off.