Wired Stuff
WiFi Tablet Corner
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)


Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Social Links
Revolution WiFi Capacity Planner

Anchor / Office Extends Ports


Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap




LWAPP QoS Packet Tagging



IEEE 802.11a/g/n Reference Sheet


Interference Types


Microwave Oven

Cordless Phone


  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

« Autonomous: Reset Cisco Access Point to Factory Defaults Using the MODE Button | Main

Configure TKIP Countermeasure Holdoff Timer on Autonomous

After having worked on countless Cisco WLAN VoIP deployments a general rule of thumb from Cisco TAC is to disable TKIP countermeasure on ALL voice WLANs and lessen the timer for DATA WLANs. Again this is all subject to your comfort level and performance requirements. Personally, I can't say I have ever seen this to be an issue or had an issue that was directly related to the countermeasure. But something to chew on!

TKIP countermeasure mode can occur if the Access Point receives 2 message integrity check (MIC) errors within a 60 second period. When this occurs, the Access Point will de-authenticate ALL TKIP clients associated to that 802.11 radio and holdoff any clients for the countermeasure holdoff time (default = 60 seconds).


ap#config t

ap(config)#interface dot11Radio 0

Note: This is radio specific on autonomous access points

ap(config-if)#countermeasure tkip 0

Note:  Configures TKIP MIC countermeasures hold-down timer (0-65535 seconds), unlike the WLC which is (0-60 seconds)

Reader Comments (1)

I have always thought of this TKIP MIC countermeasure be be a short-sighted (stupid :)) thing. Cause it can be used for DOS attack on your WLC not allowing all your clients to associate for a long time before the attack is discovered. I am not sure but I remember reading that it has become disabled in some of the most recent of future codes for WLC at least. But isnĀ“t this "feature" disabled for Autonomous APs ? At least I never have come accross this problem in those.

regards. Kristjan Edvardsson

October 11, 2010 | Unregistered CommenterKristjan Edvardsson

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>