WPA2-Personal PSK passphrase mismatch
比較として、WPA2-Personal PSKパスフレーズを間違えて入力した場合のログを見てみましょう。
Auth、Assoc、4-way handshake を実施していないことが分かりますが、4-way handshake の Key2 で mic failure となっていることがわかります。WPA3 の場合と、だいぶ違いますね。
AP505# show ap debug auth-trace-buf Auth Trace Buffer ----------------- Jul 1 11:50:06 station-up * 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - - wpa2 psk aes Jul 1 11:50:06 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:06 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:07 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:07 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:08 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:09 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:10 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:10 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure AP505# show ap debug mgmt-frames Traced 802.11 Management Frames ------------------------------- Timestamp stype SA DA BSS signal Misc --------- ----- -- -- --- ------ ---- Jul 1 11:50:06.099 assoc-resp b8:3a:5a:8b:36:d1 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 15 Success Jul 1 11:50:06.099 assoc-req 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 b8:3a:5a:8b:36:d1 43 - Jul 1 11:50:06.097 auth b8:3a:5a:8b:36:d1 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 15 Success (seq num 0) Jul 1 11:50:06.097 auth 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 b8:3a:5a:8b:36:d1 0 -
また、show log security コマンドにて、4-way handshake の Key2 で MIC Failed が発生しているログが確認できます。
AP505# show log security Jul 1 11:50:06 stm[5309]: <132094> <WARN> |AP AP505@192.168.210.215 stm| MIC failed in WPA2 Key Message 2 from Station 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 AP505
[English Version]
For comparison, let's see when WPA2-Personal PSK passphrase mismatch happens.
We can see Auth, Assoc and 4-way handshake, but we can see mic failure in 4-way handshake Key2. There are a lot of difference from WPA3-Personal PSK passphrase mismatch.
AP505# show ap debug auth-trace-buf Auth Trace Buffer ----------------- Jul 1 11:50:06 station-up * 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - - wpa2 psk aes Jul 1 11:50:06 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:06 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:07 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:07 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:08 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:09 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure Jul 1 11:50:10 wpa2-key1 <- 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 Jul 1 11:50:10 wpa2-key2 -> 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 - 117 mic failure AP505# show ap debug mgmt-frames Traced 802.11 Management Frames ------------------------------- Timestamp stype SA DA BSS signal Misc --------- ----- -- -- --- ------ ---- Jul 1 11:50:06.099 assoc-resp b8:3a:5a:8b:36:d1 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 15 Success Jul 1 11:50:06.099 assoc-req 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 b8:3a:5a:8b:36:d1 43 - Jul 1 11:50:06.097 auth b8:3a:5a:8b:36:d1 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 15 Success (seq num 0) Jul 1 11:50:06.097 auth 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 b8:3a:5a:8b:36:d1 0 -
From show log security, we can see MIC Failed log in 4-way handshake Key2.
AP505# show log security Jul 1 11:50:06 stm[5309]: <132094> <WARN> |AP AP505@192.168.210.215 stm| MIC failed in WPA2 Key Message 2 from Station 04:69:f8:0c:88:a6 b8:3a:5a:8b:36:d1 AP505