06-22-2009 05:37 PM - edited 07-03-2021 05:44 PM
Hi everybody,
I got this trap massage on WLC.
The client failed to communicate, it was still associated wiht WLC though.
the trap massage log is blow
"Decrypt errors occurred for client 00:40:96:ae:38:fe using unknown key on 802.11a interface of AP 00:16:9c:b8:9b:5"
My wirelss environmet is containing WLC2106(5.2) 1131AG, clinet using ADU(v4.4)
Thanks.
06-24-2009 08:23 AM
What is the configuration of the WLAN? WEP, WPA/TKIP, WPA2/AES? any EAP, or just PSK?
can you paste the output of :
show wlan x ( x = WLAN ID)
06-24-2009 09:45 PM
We use Dynamic wep key, EAP-TTLS / PEAP.
I attach the output.
WLAN Identifier.................................. 1
Profile Name..................................... kssl
Network Name (SSID).............................. kssl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.9.44 1812
Authentication................................ 10.10.9.45 1812
Accounting.................................... 10.10.9.44 1813
Accounting.................................... 10.10.9.45 1813
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Enabled
--More-- or (q)uit
Encryption:..................................... 104-bit WEP
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Disabled
Client MFP.................................... Optional but inactive (WPA2 no
t configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
Thank you.
06-26-2009 05:18 AM
those are superficial unless you are seeing actual client data throughput suffering or disconnects/reconnects frequentltly. this is supposed to be representative of the client not having or using the right decrypt keys during the data frame exchange/encryption. have you tried disabling the traps via the trap controls (wep decrypt errors) you can, if running s/w version equal or greater than 4.2.176 use the following command to disable them (whether using wpa2/aes 802.1x enterprise, and should for dynamic wep too,etc)
config trapflags 802.11-security wepDecryptError [enable/disable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide