Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1359
  • Last Modified:

TKIP errors on Cisco 1300 Aironet

I have a pair of 1300 series Aironet bridges that I use to connect two buildings approximately 3/4 of a mile apart.  The line of sight is completely clear.  In my logs I keep getting these messages repeatedly:

%DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x0) received from 0022.55c2.7b90

Eventually the two bridges stop communicating and I then reload the radio interface on the root bridge to get packets flowing again.  I am looking for an explanation of the above message.  I've done some reading that suggests there could be an attack on the network that would cause this, but based on my location I find this to be very, very unlikely.  I tried changing the encryption method from TKIP to AES CCM.  That got rid of the above error, but my throughput came crashing down to a crawl.  When changing encryption methods is there something else I need to change in order to free up traffic between the two bridges?  Why would the encryption method change the throughput of traffic?

Thanks for any help you can provide.

0
bkesting
Asked:
bkesting
  • 4
  • 3
1 Solution
 
atlas_shudderedSr. Network EngineerCommented:
First thoughts - check your IOS and upgrade to latest.  Otherwise, inteference - line of sight is always good but do you have any other radiators in the path injecting/overlapping - at the distances you are talking above, this is a very high possibility if you are in a geographiclly populated area.  Either could potentially kill your signal as the device could be reading it as an attack and placing the receiver into stand-off.  If you are absolutely sure that you are not being attacked, you can try to shutdown the stand off timer on the device(s).  The following link has a reasonable walkthrough of how to go about this:

http://i-sandbox.custhelp.com/app/answers/detail/a_id/10481/~/cisco-autonomous-ap's---configuring-countermeasure-tkip-hold-time



0
 
bkestingAuthor Commented:
Thanks for the information.  I will look into this.  I will upgrade firmware first.

Any reasoning why my throughput changed when I changed encryption from TKIP to AES CCM?

0
 
atlas_shudderedSr. Network EngineerCommented:
WPA2/AES?

Overhead and hardware utilization are higher.  You could be taking the hit from this.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
bkestingAuthor Commented:
Maybe, but I go from about 5 mbit on TKIP to about 128k when using AES

0
 
atlas_shudderedSr. Network EngineerCommented:
It's were I would start looking.  Check resource utilization on the device(s) and try doing a sniff for fragmentation, etc.
0
 
bkestingAuthor Commented:
Accepted the wrong comment......
0
 
bkestingAuthor Commented:
Firmware upgarde partially solved my problem.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now