i searched if this could be due to a SW bug, but i did not find any thing,
i would suggest to extend the rotation interval to reduce the number of key exchanges:
config advanced eap bcast-key-interval 86400 (no impact to associated clients)
is there any impact on the client ?
ap per output: EAP-Broadcast Key Interval....................... 3600
In some case, you might want to configure the idle timeout with a large number, for example 7200 seconds, which is 2 hours). You might think your client will remain in the client table without sending out packets for 2 hours. That is NOT necessarily the case. If the EAP-Broadcast Key Interval(by default 3600 seconds) kicks in, your client might be removed from the WLC.
When the EAP-Broadcast Key Interval kicks in, WLC will ask ALL clients to update their Broadcast Key. If your client happens to be out of the coverage area, it will not update its Broadcast Key of course.
To change the EAP-Broadcast Key Interval you will need to run the following command:
(Cisco Controller)> config advanced eap bcast-key-interval seconds 43200
then clear the log message from WLC by this command:
(Cisco Controller)>clear msg
then press yes.
Then if these messages comes then then check the timeperiod beteen these errors.
Dont forget to rate helpful posts
Is there any difference between M1 and M5 on the msg above?
*dot1xMsgTask: Mar 26 13:19:31.123: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M5 retransmissions exceeded for client 3c:43:8e:0b:ee:f1
the M1 and M5 are exchange messages of the handshake messages ,
the perpuse of these messages is to generate the PMK of the client, the clinet and the WLC exchange some messages to generate this key , M1 and M5 are one of these messages,
in a technical perspective there is no difference as we can't do or change in these messages , as these messages are a standard
I'm going to take a wild guess here, The 2600 APS are B radios only, I'm going to guess you have a ton of interference and its causing your issues. Do you have any APs with A radios that you can test with ?