Yep… that’s TKIP countermeasures alright. Some would suggest disabling the countermeasures, but I’m not sure that’s always a good idea. The MIC only provides weak protection against forgeries, etc and countermeasures are really the only way to defend against a determined bad guy.
The devices that you list are all capable of CCMP-AES. Is there a legacy/compatibility reason that you’ve still got TKIP enabled? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Joe Roth Sent: Friday, March 27, 2015 12:09 PM To: [email protected] Subject: [WIRELESS-LAN] Cisco 2702 APs and MacOS security error? We are in the process of upgrading some buildings to 2702 APs, and after doing our first building clients with Apple hardware are seeing some odd behavior. They are receiving the attached error. It seems to be related to TKIP. We plan to remove TKIP from the WPA2 SSID this summer anyway and go with AES natively, but in the mean time we are trying to determine a fix. This is happening on both Apple OSX Yosemite and Maverick (that we have seen so far), as well as some iPhones. Has anyone seen anything similar? The odd thing is that we have not seen this on any 1142, 2602 or 3602 APs, just the new 2702's. Thanks. -- Joe Roth Network Manager Binghamton University Ph. 607-777-7528 Fax 607-777-4009 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
