Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1951
Views
0
Helpful
3
Replies

7.2.111.3 more dropped connections

rsaeks
Level 1
Level 1

‎01-07-2013 11:41 AM - edited ‎07-03-2021 11:18 PM

A week ago we upgrade from the 7.0.116 software to 7.2.111.3.  Since doing that we are seeing a lot more clients drop connections and be unable to re-join.  The wireless network KEY (WPA & TKIP) is on the machines and stored.  When the connection drops for whatever reason and the network is select, the user is then prompted to re-enter the key.  They can enter in the key, however we do not want to give our wireless key.

Looking at the controller we see a lot of messages similar to these:

*dot1xMsgTask: Jan 07 15:45:12.339: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client Client4

*dot1xMsgTask: Jan 07 15:41:31.539: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M3 retransmissions exceeded for client Client3

*dot1xMsgTask: Jan 07 15:04:52.519: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client Client1

*dot1xMsgTask: Jan 07 15:04:45.719: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M1 retransmissions exceeded for client Client1

*dot1xMsgTask: Jan 07 15:04:00.119: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M5 retransmissions exceeded for client Client2

*dot1xMsgTask: Jan 07 15:03:51.719: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M5 retransmissions exceeded for client Client2

The machines are Mid 2011 iMacs running 10.6.8.  While running 7.0.116 code we did not have this issue.  The only item that has since changed is migrating to the 7.2.111.3 code.  Are there any ideas on items to check and try on this to have some greater stability?

We are running on a WLC5508 with 1142 APs.

Labels:
0 Helpful
3 Replies 3

timsmith
Cisco Employee
Cisco Employee

‎01-07-2013 06:04 PM

Can I get the output of "show advanced eap" from the controller CLI?

Sent from Cisco Technical Support iPad App

0 Helpful

rsaeks
Level 1
Level 1
In response to timsmith

‎01-07-2013 06:20 PM

Sure thing:

EAP-Identity-Request Timeout (seconds)........... 30

EAP-Identity-Request Max Retries................. 2

EAP Key-Index for Dynamic WEP.................... 0

EAP Max-Login Ignore Identity Response........... enable

EAP-Request Timeout (seconds).................... 30

EAP-Request Max Retries.......................... 2

EAPOL-Key Timeout (milliseconds)................. 1000

EAPOL-Key Max Retries............................ 2

EAP-Broadcast Key Interval....................... 3600

Thank You!

Randy

0 Helpful

timsmith
Cisco Employee
Cisco Employee
In response to rsaeks

‎01-11-2013 04:57 AM

You may want to tweak those settings a bit, which you can do via the controller CLI:

config advanced eap eapol-key-timeout 2000

save config

basically this will give the EAP key exchange a bit more time.

The key timeouts can also be due to client issues and poor RF in the area the client it located at.

-Tim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card