C-18
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Appendix C Error and Event Messages
802.11 Subsystem Messages
Error Message DOT11-4-CKIP_MIC_FAILURE: “CKIP MIC failure was detected on a packet
(Digest 0x%x) received from %e).”
Explanation
CKIP MIC failure was detected on a frame. A failure of the CKIP MIC in a received
packet almost indicates an active attack.
Recommended Action None.
Error Message DOT11-4-CKIP_REPLAY: “CKIP SEQ replay was detected on a packet (SEQ
0x&x) received from %e.”
Explanation
CKIP SEQ replay was detected on a frame. A replay of the CKIP SEQ in a received
packet almost indicates an active attack.”
Recommended Action None.
Error Message DOT11-4-TKIP_MIC_FAILURE: “Received TKIP Michael MIC failure report
from the station %e on the packet (TSC=0x%11x) encrypted and protected by %s key.”
Explanation
TKIP Michael MIC failure was detected from the indicated station on a unicast frame
decrypted locally with the indicated pairwise key.
Recommended Action A failure of the Michael MIC in a received packet might indicate an active
attack on your network. Search for and remove potential rogue devices from your wireless LAN.
This failure might also indicate a misconfigured client or a faulty client.
Error Message DOT11-4-TKIP_MIC_FAILURE_REPORT: “Received TKIP Michael MIC failure
report from the station %e on the packet (TSC=0x0) encrypted and protected by %s
key
Explanation
The access point received an EAPOL-key from the indicated station notifying the access
point that TKIP Michael MIC failed on a packet transmitted by this access point.
Recommended Action None.
Error Message DOT11-3-TKIP_MIC_FAILURE_REPEATED: “Two TKIP Michael MIC failures were
detected within %s seconds on %s interface. The interface will be put on MIC
failure hold state for next %d seconds”
Explanation
Two TKIP Michael MIC failures were detected within the indicated time on the
indicated interface. Because this usually indicates an active attack on your network, the interface
will be put on hold for the indicated time. During this hold time, stations using TKIP ciphers are
disassociated and cannot reassociate until the hold time ends. At the end of the hold time, the
interface operates normally.
Recommended Action MIC failures usually indicate an active attack on your network. Search for and
remove potential rogue devices from your wireless LAN. If this is a false alarm and the interface
should not be on hold this long, use the countermeasure tkip hold-time command to adjust the hold
time.