TKIP Countermeasure Holdoff Time
TKIP countermeasure mode can occur if the access point receives two message integrity check (MIC) errors within a 60 second
period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and holdoff any
clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command:
(Cisco Controller) >config wlan security tkip hold-down <nseconds> <wlan-id>
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.
Tkip MIC Countermeasure Hold-down Timer....... 60
For the Cisco Autonomous Access Point, enter the time in seconds to holdoff clients if a TKIP countermeasure event occurs.
Interface dot11radio X
countermeasure tkip hold-time <nseconds>
VLANs and Cisco Autonomous Access Points
Segment wireless voice and data into separate VLANs.
A subnet for wireless clients should not exceed 1,000 hosts.
Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G Deployment Guide
88