Since we have set up a wireless controller with WLC 7.6 we are seeing large numbers of alarms starting with: "MFP Anomaly Detected - x 'CCMP Not Encrypted' violation(s) have originated from the client with MAC..."
MFP, as I understand it is Management Frame Protection and is used to help prevent denial of service and man in the middle attacks. While I am fairly sure nobody is trying to attack our test environment, I am pretty concerned that this has coincided with a group of Apple device users reporting they have trouble connecting, or lose connection and have to reauthenticate.
We have set MFP from optional to disabled on the controller that is reporting all the problems but the alarms still persist, as does the problems with Macs and iPhones. The client MAC addresses on the alarms all display Apple or unknown as the vendor type. I can't see any obvious other problems and all other devices seem to be working well.
I'd love to stop people using Apple kit, but I don't think that is going to work somehow.
If/when I find a solution I will update below. It may have to involve a call to Cisco before too long.
I am still seeing the errors after the MFP changes, but I am also seeing Apple OSX Mavericks clients being unable to connect without displaying an error.
A few days off and still scratching my head. Not just Apple devices now but reports from a variety of devices and OS's. 3 People complained in one room and when investigated had a SNR of 40dBm and signal strength in the -50dBm's, they had an AP in their room, which typically works fine when we are stood in the room.
Of course, we were told by management that packet capturing tools were too advanced and we didn't need that level of expertise. Now, though, at this stage what are we supposed to do without them?
This morning we upgraded our controllers to 18.104.22.168. The MFP anomaly alarms are still appearing on Prime, but leaving MFP and QoS disabled and reapplying the config to our backup controller seems to have halted the client connectivity issues that have been reported. So far the affected users say the wireless has been much better.
Going to keep the support call open with our supplier as Prime is currently showing 225 critical alarms.