cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
0
Helpful
5
Replies
Highlighted
Beginner

Disconnects on WLC with 8.1.111.0 code

Hi,

i have an Cisco WLC 2504 with IOS 8.1.111.0 and AP 1602E on it.

after moving from WPA with TKIP to WPA2 with AES, many of clients keep disconnecting. 

log that i see is next one:

*Dot1x_NW_MsgTask_2: Aug 13 18:23:29.294: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:961 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client d0:7e:35:a8:95:3a

 

vey strange. 

I have changed some timeouts but it did not help. 

 

thanks

5 REPLIES 5
Highlighted
Rising star

The problem is probably that your clients are still trying to use TKIP because that is what is configured in the wireless profile they have. If this profile has been created automatically by the end-user when they first connected it needs to be removed manually and recreated or just changed (depends on the client device). From standpoint of the end-user it is probably simpler if you can push settings with a GPO (Windows) or use mobile device management tooling for Apple and Android devices.

Sometimes it is easier to create a second SSID which clients have not used before so there is no history. This way you can also monitor which devices are still using the "old" SSID. Once the clients are moved you can remove it. Depending on which EAP(ol) settings you change I would advice you making them default again.

Please rate useful posts... :-)

Highlighted

Hi,

 

We had migrated the client config pushed via GPO. all the client have connected to AP/WLC. but sometime, like once a 2 hour or once 3o minutes, AP disconnect them

on windows, it shows "limited connectivity" 

 

Thanks

Highlighted

May be code specific issue as well. Reach TAC and see if any known issue with your current code.

HTH

Rasika

Highlighted

Limited connectivity may be due to DHCP (option 43 received invalid ip or no ip address, proxy). AAA,bad RF. But as per the log you have shared its seems like a  issue with client wireless profile as Freerk Terpstra  suggested try with change/new profile.

Highlighted
Enthusiast

My suggestion is recreate the Profile[WLAN/SSSID] on WLC and bind WPA with AES only and uncheck 802.1x if not using.

 

Also try to use Cisco supplicant on client side those having issue disconnecting.