The big problem is that workaround isn't really feasible if you have an 11n infrastructure. 85% of my clients are 11n.
-Chris On Aug 30, 2012, at 5:14 PM, Peter Bove <peb9...@nyp.org<mailto:peb9...@nyp.org>> wrote: Hi All, I questioned our Cisco SE about this and he passed along the following bug description. As you’ll read this affects WPA/WPA2-AES only. I’ve tested and confirmed WPA/TKIP works fine. The message is a bit misleading in my view. -Pete 802.11w-capable client fails pairwise key handshake with AES. Symptom: An 802.11w-capable client, such as a PC running Windows 8, cannot connect to an SSID using WPA or WPA2 key management with AES encryption. The AP will send the M1 pairwise key message, but the PC will never respond with M2. With "debug client" in effect, a message similar to the following will be seen: *dot1xMsgTask: Jun 12 20:23:37.471: 00:11:22:33:44:55 Retransmit failure for EAPOL-Key M1 to mobile 00:11:22:33:44:55, retransmit count 5, mscb deauth count 0 Conditions: Client is 802.11w-capable, wireless infrastructure is CUWN, SSID using WPA2/AES or WPA/AES. This bug affects CUWN 5.2.178.0 and above, but not CUWN 4.2 or earlier, nor does it affect autonomous IOS APs. Workaround: Use WPA/TKIP or WPA2/TKIP instead. Note that this will limit the client to 802.11g/802.11a data rates. Another workaround is to use a Windows 7, rather than Windows 8 driver, for the Adapter. Status <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> Fixed (Resolved) Severity <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> 2 - severe Last Modified <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> In Last 2 weeks Product <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> Cisco 5500 Series Wireless Controllers Technology <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> 1st Found-In <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> 5.2(178.0) 6.0(183.0) 7.0(98.0) 7.2(103.0) 7.2(104.20) Fixed-In <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> 7.0(236.0) 7.3(1.67) 7.2(110.4) 7.0(235.1) 7.2(111.1) 7.4(1.20) Component(s) <http://tools.cisco.com/Support/BugToolKit/images/Field%20Definitions.html> wlc-security ================================ Chris Murphy Senior Network Engineer MIT Information Services & Technology Room W92-190 77 Massachusetts Avenue Cambridge, MA 02139 ch...@mit.edu<mailto:ch...@mit.edu> 617-253-4105 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
