I have recently setup syslog server for our WLAN controllers. There are two devices that are continually generating the message:
\|dot1x-proc:2\| MIC failed in WPA2 Key Message 2
I can't track the mac addresses but they are generating hundreds of alerts over and over. Is there a way to stop this message or work out what is causing it? If I blacklisted the mac address would it disappear? I have the alerting level set to warning.
You should blacklist the mac addresses, but they would appear in different logs.
I have blacklisted the addresses and they do appear in a different log although a lot less frequent which is better thanks for your help.
Would you say that this means someone has been continually trying to connect to the wireless network and failing?
The device seems to be using the wrong preshared key. It might be a device that was provisioned with that SSID in the past with an old preshared key.
Is there any way to tell what SSID it is using ? We have two one guest using WPA2-PSK and one using WPA2-AES
As it said key message i believed it would be the WPA2-PSK SSID but wasn't sure 100%
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.