Yes, on all controllers's

Yes, on all controllers's logs I can find these msgs  a lot of times

i searched if this could be

i searched if this could be due to a SW bug, but i did not find any thing,


i would suggest to  extend the rotation interval to reduce the number of key exchanges:

config advanced eap bcast-key-interval 86400 (no impact to associated clients)


is there any impact on the client ?

Hi,ap per output: EAP


ap per output: EAP-Broadcast Key Interval....................... 3600

In some case, you might want to configure the idle timeout with a large number, for example 7200 seconds, which is 2 hours). You might think your client will remain in the client table without sending out packets for 2 hours. That is NOT necessarily the case. If the EAP-Broadcast Key Interval(by default 3600 seconds) kicks in, your client might be removed from the WLC.

When the EAP-Broadcast Key Interval kicks in, WLC will ask ALL clients to update their Broadcast Key. If your client happens to be out of the coverage area, it will not update its Broadcast Key of course.


To change the EAP-Broadcast Key Interval you will need to run the following command:

(Cisco Controller)> config advanced eap bcast-key-interval seconds 43200

then clear the log message from WLC by this command:

(Cisco Controller)>clear msg

then press yes.


Then if these messages comes then then check the timeperiod beteen these errors.


Is there any difference

Is there any difference between M1 and M5 on the msg above?


*dot1xMsgTask: Mar 26 13:19:31.123: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M5 retransmissions exceeded for client 3c:43:8e:0b:ee:f1

the M1 and M5 are exchange

the M1 and M5 are exchange messages of the handshake messages , 


the perpuse of these messages is to generate the PMK of the client, the clinet and the WLC exchange some messages to generate this key , M1 and M5 are one of these messages,


in a technical perspective there is no difference as we can't do or change in these messages , as these messages are a standard 



Hello i have the same problem , For example in one location we have 9 access points 2600 series and 8 are working and 1 not . I need to mentioned that all the clients have HP with windows 10 . I made a test and update the drivers for 1 2 clients . and was working for 30 min than not anymore . They can see the ssid but tha`s all cannot connect to it , The problem is not the ap because we have the same issue in more locations The wlc is 5508 with version 8.2.166 , The problem started 2 weeks ago . Any ideea ?

I'm going to take a wild guess here, The 2600 APS are B radios only,  I'm going to guess you have a ton of interference and its causing your issues. Do you have any APs with A radios that you can test with ?





