Guest

Cisco Aironet 1100 Series

Field Notice: Cisco Aironet: Decrypt Errors With 802.11g Data Rates and Security Enabled


Revised February 27, 2004

February 26, 2004


Products Affected

  • AIR-AP1121G-x-K9

  • AIR-AP1231G-x-K9

  • AIR-MP21G-x-K9

Problem Description

Access points using 802.11g data rates and with security enabled such as WEP, LEAPor EAP, report decryption errors.

Background

This issue is seen in the access point radio firmware for 802.11g. Packets received at 802.11g rates with WEP enabled of certain sizes, will be corrupted. For IP packets at layer three, these will be packets of size 109 + n*124 bytes, where n is a non-negative integer. For example IP packets of length 109, 233, 357 and so on. The problem can be demonstrated via pings with 81, 205, 327 and so on payload bytes. This is seen with Cisco Aironet 802.11g clients as well as third party clients.

Problem Symptoms

Symptoms include timeouts, corrupted packets and decrypt errors. Certain data transfers, such as file transfers using Novell or Microsoft SMB networking, will fail. For a client attempting a failing data transfer, the decrypt errors counter and will increment. This can be seen in the show dot11 associations H.H.H Command line interface (CLI) command, where H.H.H. is the MAC address of a 802.11g client that is exhibiting the problem. This can also be seen in the GUI on the Association: Station View- Client page.

Workaround/Solution

This issue has been resolved in Cisco IOS® Software release 12.2(13)JA3. This release is available for download on Cisco.com through the IOS Upgrade Planner (registered customers only) and on the Wireless Software Center. Please refer to the release notes for upgrade instructions.

Access points with serial number FTX08090001 and greater, and FHK08090001 and greater will have the 12.2(13)JA3 image.

The following workarounds are available: Disable the 802.11g data rates 6, 9, 12, 18, 24, 36, 48 and 54 Mbps or disable WEP. The second option is not recommended due to security concerns, unless in a public access environment or using strong crypto such as IPSec.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCed50731 (registered customers only)

decrypt errors with 802.11g data rates and WEP

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.