bkesting
asked on
TKIP errors on Cisco 1300 Aironet
I have a pair of 1300 series Aironet bridges that I use to connect two buildings approximately 3/4 of a mile apart. The line of sight is completely clear. In my logs I keep getting these messages repeatedly:
%DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x0) received from 0022.55c2.7b90
Eventually the two bridges stop communicating and I then reload the radio interface on the root bridge to get packets flowing again. I am looking for an explanation of the above message. I've done some reading that suggests there could be an attack on the network that would cause this, but based on my location I find this to be very, very unlikely. I tried changing the encryption method from TKIP to AES CCM. That got rid of the above error, but my throughput came crashing down to a crawl. When changing encryption methods is there something else I need to change in order to free up traffic between the two bridges? Why would the encryption method change the throughput of traffic?
Thanks for any help you can provide.
%DOT11-4-TKIP_MIC_FAILURE:
Eventually the two bridges stop communicating and I then reload the radio interface on the root bridge to get packets flowing again. I am looking for an explanation of the above message. I've done some reading that suggests there could be an attack on the network that would cause this, but based on my location I find this to be very, very unlikely. I tried changing the encryption method from TKIP to AES CCM. That got rid of the above error, but my throughput came crashing down to a crawl. When changing encryption methods is there something else I need to change in order to free up traffic between the two bridges? Why would the encryption method change the throughput of traffic?
Thanks for any help you can provide.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
WPA2/AES?
Overhead and hardware utilization are higher. You could be taking the hit from this.
Overhead and hardware utilization are higher. You could be taking the hit from this.
ASKER
Maybe, but I go from about 5 mbit on TKIP to about 128k when using AES
It's were I would start looking. Check resource utilization on the device(s) and try doing a sniff for fragmentation, etc.
ASKER
Accepted the wrong comment......
ASKER
Firmware upgarde partially solved my problem.
ASKER
Any reasoning why my throughput changed when I changed encryption from TKIP to AES CCM?