Cisco Wireless Access Points

drmrboy21
Location: La Crosse, WI
Registered: 03-07-2001
Posts: 3632

Does anyone know how the "MIC" setting affects the setup of the Cisco AP 1200? I know it's some kind of encryption setting/integrity check...but I was wondering if this is what prohibits IP-based resources from authenticating?

PackerHawk
Location: Out Wandering Around
Registered: 02-06-2000
Posts: 21036

My guess is your "IP based resources" do not support WPA/MIC. Is it mentioned anywhere in the setup of these devices?

MIC is part of WPA Encryption.

Per Cisco's description:

"Message Integrity Check Protection from Active Network Attacks
The use of a MIC thwarts an active network attack designed to determine the encryption key used to encrypt intercepted packets. This active attack is a combination of a bit-flipping attack and a replay attack. When MIC support is implemented on both the access point and all associated client devices, the transmitter of a packet adds a few bytes (the MIC) to the packet before encrypting and transmitting it. Upon receiving the packet, the recipient decrypts it and checks the MIC. If the MIC in the frame matches the calculated value (derived from the MIC function), the recipient accepts the packet; otherwise, the recipient discards the packet.
Using MIC, packets that have been maliciously modified in transit are dropped. Attackers cannot use bit-flipping or active replay attacks to fool the network into authenticating them, because Cisco Aironet products, which are MIC-enabled, identify and reject altered packets."
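
The send/check/discard flow in Cisco's description above, as an added example that is not part of the original posts and not Cisco's implementation: a truncated HMAC-SHA256 stands in for the MIC function and a toy SHA-256 keystream stands in for the encryption. The keys, packet contents and the sequence counter used to reject replays are assumptions constructed for illustration.

```python
import hashlib
import hmac

MIC_LEN = 8  # bytes of MIC appended to each packet (length chosen for this example)

def keystream(key: bytes, seq: int, n: int) -> bytes:
    """Toy per-packet keystream (SHA-256 in counter mode); stand-in for the real cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def compute_mic(mic_key: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed check value over the sequence number and payload (HMAC as a stand-in MIC)."""
    return hmac.new(mic_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()[:MIC_LEN]

def send(enc_key: bytes, mic_key: bytes, seq: int, payload: bytes):
    """Transmitter: append the MIC, then encrypt payload and MIC together."""
    body = payload + compute_mic(mic_key, seq, payload)
    return seq, xor(body, keystream(enc_key, seq, len(body)))

class Receiver:
    def __init__(self, enc_key: bytes, mic_key: bytes):
        self.enc_key, self.mic_key, self.last_seq = enc_key, mic_key, -1

    def receive(self, seq: int, ciphertext: bytes):
        """Return the payload, or None when the packet is discarded."""
        if seq <= self.last_seq or len(ciphertext) < MIC_LEN:
            return None  # replayed (old sequence number) or truncated
        body = xor(ciphertext, keystream(self.enc_key, seq, len(ciphertext)))
        payload, mic = body[:-MIC_LEN], body[-MIC_LEN:]
        if not hmac.compare_digest(mic, compute_mic(self.mic_key, seq, payload)):
            return None  # altered in transit: MIC does not match the calculated value
        self.last_seq = seq
        return payload

def demo():
    enc_key, mic_key = b"constructed-enc-key", b"constructed-mic-key"  # constructed keys
    rx = Receiver(enc_key, mic_key)
    seq, ct = send(enc_key, mic_key, 1, b"SCAN 0012345 QTY 1")  # constructed packet
    tampered = bytearray(ct)
    tampered[-MIC_LEN - 1] ^= 0x08  # one flipped ciphertext bit turns the final '1' into '9'
    return {"tampered": rx.receive(seq, bytes(tampered)),
            "genuine": rx.receive(seq, ct),
            "replayed": rx.receive(seq, ct)}

if __name__ == "__main__":
    print(demo())
```

With the MIC check removed from `receive`, the tampered packet would decrypt to a different quantity and be accepted, which is the exposure created by unchecking the setting.
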

drmrboy21
Location: La Crosse, WI
Registered: 03-07-2001
Posts: 3632

It's possible...they're Symbol "RF Guns" used in parts stores all around the nation that connect the access points that I configure. The bad part about this whole thing is we don't set up the guns here in La Crosse, they are configured by employees in St. Louis, so we have to configure our APs so that they're compatible with these guns they push out. One of the requirements was this to be unchecked. So what you're saying is it becomes a vulnerability when this is not a part of the configuration?

PackerHawk
Location: Out Wandering Around
Registered: 02-06-2000
Posts: 21036

Any time you reduce security, you raise vulnerability. Having the network secured to the point that it can't be used internally obviously isn't a good practice so you have to find a balance.

I'm somewhat familiar with Symbol products from supporting a car dealership for a few years. Their equipment was somewhat of a PITA to work with and was partially proprietary. I remember having a Symbol access point die and I had to replace it with a Linksys temporarily. Even though the Symbol devices were "WiFi" compatible, they just didn't want to work until I really loosened up the security on the AP. I ended up using MAC filtering as the primary security.

They can't send you a gun to do a little in house testing?

drmrboy21
Location: La Crosse, WI
Registered: 03-07-2001
Posts: 3632

I've requested it a number of times...we have CIOs involved at this time trying to negotiate some kind of in house testing. When different sectors of a company collide, it tends to wreak havoc! I'm going to keep the push on to get their configuration for these guns...especially if they're planning on using MY ACCESS POINTS!

©2000 - 2009 TimesFour