
EAP Response frame is not always forwarded to the Radius Server when doing Full Authentications.

RandyRayman
Level 1

We have seen issues with a Cisco 5500 and 2405 WLAN controller with older and the latest controller firmware (8.x) of not forwarding the first EAP Response frame to the Radius server on 802.1x WLAN devices doing full authentications. The first EAP Response frame from the WLAN client is supposed to be forwarded to the Radius server, but a Wireshark trace shows that frame is never sent by the WLAN controller. The WLAN controller does ack the first EAP Response frame, but the EAP Response frame when the problem occurs always seems to be a retried packet. I do have all RRM and AP scanning turned off. This is an intermittent issue and only occurs on devices doing full authentications and does occur on multiple vendors' products. This produces an 18-20 second drop-off until the station recovers by sending an EAP-Start frame and then it associates properly. Since the first EAP Response frame is never forwarded to the Radius server and the EAP Response frame is being ack’d on the retried packet, this seems to be a WLAN controller issue, but I’m looking at all possibilities. Does anyone have any thoughts?

I attached a wireless and wired trace of the issue. See the Readme.txt file in the attachment for specific information.

Thanks in advance.
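
One way to check a wireless and a wired trace for the symptom described in the post above, as an added example that is not part of the original post: it pairs each EAP Response seen on air with a RADIUS Access-Request carrying the same EAP Identifier, and reports responses that were never forwarded along with the time until the client's next EAPOL-Start. The `Event` record, `find_unforwarded`, the field names and the one-second `window` are hypothetical, and the sketch assumes both traces were exported to records on a common clock.

```python
from dataclasses import dataclass
@dataclass
class Event:
    t: float             # capture time in seconds (both traces on one clock: assumption)
    side: str            # "air" = 802.11 trace, "wire" = controller uplink trace
    kind: str            # "eap-response", "eapol-start" or "access-request"
    client: str          # client MAC (Calling-Station-Id on the wire side)
    eap_id: int = -1     # EAP Identifier, carried unchanged inside RADIUS EAP-Message
    retry: bool = False  # 802.11 Retry bit (air side only)

def find_unforwarded(events, window=1.0):
    """EAP Responses seen on air with no matching Access-Request on the wire."""
    events = sorted(events, key=lambda e: e.t)
    groups, latest = [], {}
    for ev in events:  # collapse 802.11 retransmissions of the same EAP packet
        if (ev.side, ev.kind) != ("air", "eap-response"):
            continue
        g = latest.get((ev.client, ev.eap_id))
        if g and ev.t - g["last"] <= window:
            g["last"], g["retried"] = ev.t, g["retried"] or ev.retry
            continue
        g = {"client": ev.client, "eap_id": ev.eap_id,
             "first": ev.t, "last": ev.t, "retried": ev.retry}
        latest[(ev.client, ev.eap_id)] = g
        groups.append(g)
    findings = []
    for g in groups:
        forwarded = any(
            e.side == "wire" and e.kind == "access-request"
            and (e.client, e.eap_id) == (g["client"], g["eap_id"])
            and g["first"] <= e.t <= g["last"] + window for e in events)
        if forwarded:
            continue
        restart = next((e.t for e in events if e.kind == "eapol-start"
                        and e.client == g["client"] and e.t > g["last"]), None)
        g["recovery_gap"] = None if restart is None else round(restart - g["last"], 3)
        findings.append(g)
    return findings

# Constructed sample: client ..01 authenticates normally, client ..02 shows the symptom.
SAMPLE = [
    Event(0.010, "air", "eap-response", "aa:bb:cc:00:00:01", 1),
    Event(0.013, "air", "eap-response", "aa:bb:cc:00:00:01", 1, retry=True),
    Event(0.015, "wire", "access-request", "aa:bb:cc:00:00:01", 1),
    Event(5.004, "air", "eap-response", "aa:bb:cc:00:00:02", 1, retry=True),
    Event(24.100, "air", "eapol-start", "aa:bb:cc:00:00:02"),
    Event(24.200, "air", "eap-response", "aa:bb:cc:00:00:02", 2),
    Event(24.203, "wire", "access-request", "aa:bb:cc:00:00:02", 2),
]
```

A non-empty result with `retried` set and a `recovery_gap` in the 18-20 second range matches the pattern the post describes; an empty result for the same window points away from the controller's forwarding path.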

 

1 Reply

Do you have a packet capture to see this? If so, pls attach it.

Rasika
