Recently I upgraded our Cisco 4402 Wireless LAN Controller to a later release and soon after the upgrade I started noticing the below messages, I am not sure if this started happing because of the upgrade or if I had never noticed it before.
SNMP Trap Log:
WPA MIC Error counter measure activated on Radio with MAC XX:XX:XX:XX:XX:XX and Slot ID 1. Station MAC Address is XX:XX:XX:XX:XX:XX and WLAN ID is 1.
spam_lrad.c:19982 LWAPP-3-MIC_COUNTER: Received MIC countermeasure, WLAN 1, slot 1 AP AP13 client XX:XX:XX:XX:XX:XX X.X.X.X 25/01 13:08:58.206
The way I understand it when a MIC error is detected the access point / controller believes something suspicious is happing on the network so it drops all of the clients off of the detecting access point for 60 seconds.
Most of the time the MIC error is caused because of dodgy wireless drivers on the Laptop / device.
I resolved the Station MAC address / Client mac address to the laptop hostnames and found a group of our laptops had a very old Intel Pro Wireless 2915ABG drivers and a few had an old Intel Pro Wireless 3945ABG driver.
Updating to the latest drivers on the effected laptops has so far resolved the issue for me
I had Microsoft SCCM 2007 so resolving the MAC addresses to usernames was pretty easy there are of cause several other ways including, if the laptop is still online you can use the Cisco Controller by going to the Monitor tab and selecting Clients, select the offending MAC address and that should give the username that is currently logged onto the Laptop.