Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
61795
Views
18
Helpful
28
Replies

Authentication Issue (EAPol Timeout) on WPA 2 PSK SSID

Cisco Support
Level 1
Level 1

‎07-12-2022 09:01 AM

We are not use Authentication servers to authenticate wireless users.

Just use only WPA 2 encryption mode for authenticate wireless users.

But we identified there are lot of EAPol timeouts happened during the client authentication

What would be the issue for this EAPol timeouts

Is this issue occurring from end user device or Access Point side ?

How Can we minimize this eapol timeout issue?

Guys Help me to rectify this issue

AI conversation icon

AI-generated summary

From your community moderators: We're experimenting with using AI to summarize some of our longer threads. The summary has been reviewed by humans for accuracy.
Problem

The original poster reported experiencing numerous EAPol timeout issues during client authentication on their WPA 2 PSK SSID network that doesn't use authentication servers, asking whether the issue originates from end-user devices or access points and how to minimize these timeouts.

Summary

Community discussions reveal several solutions, with enabling fast roaming 802.11r being the primary solution that successfully resolved the EAPol timeout issue for at least one user. Other users experiencing the same issue expressed initial skepticism about how 802.11r could solve PSK-related issues but were willing to try the solution. Additional suggested troubleshooting approaches included: checking for RF interference, verifying client device compatibility, examining network congestion, reviewing power settings on client devices, and ensuring proper SSID configuration. The problem appears to be related to the wireless authentication handshake process timing out during the four-way handshake between clients and access points, and while there was no explicit confirmation from the original poster about which solution worked, the 802.11r fast roaming feature was highlighted as the most effective fix for addressing these authentication timeouts.

Labels:
0 Helpful
28 Replies 28

Silvia3
Level 2
Level 2

‎04-20-2023 07:17 AM

Hello. I do have the same issue. Did you find any solution to this?

0 Helpful

Henrik_
Level 1
Level 1

‎04-20-2023 07:24 AM

Could the issues in this thread be related to Re: Radius Authentication Issues - The Meraki Community

0 Helpful

Silvia3
Level 2
Level 2
In response to Henrik_

‎04-20-2023 07:47 AM

We did disable 802.11w a few days ago but the errors still there.

I also tried disable band steering yesterday and will troubleshoot again next week.

Thanks for the reply.

0 Helpful

DainBrammage
Level 7
Level 7

‎04-24-2023 11:42 AM

  • Flush and forget any stored profiles entries. THESE ARE EASILY CORRUPTED
  • Update your client wireless drivers

As a SIMPLE test you can change your PSK make sure that it is at least 8 characters in length and test...

For the record just because a client doesn't move, that doesn't mean they will not roam. Clients, and clients alone, decide to which wireless AP they will connect.

Alex Tapia
Frequent Visitor
Frequent Visitor

‎06-21-2023 06:14 PM

Similar issue here:

EAPoL timeout issues to Radius Server. sometimes just a really long "Time to Connect"

affects users/computers randomly,

issue happening at multiple sites

both sites: are using MR52 APs

both sites are using Firmware MR 29.5.1

0 Helpful

Silvia3
Level 2
Level 2
In response to Alex Tapia

‎06-22-2023 02:39 AM

Hello.

We disabled client balancing in the radio configuration and users are no more complaining after that. Maybe this also helps for you?

BR

0 Helpful

amabt
Level 4
Level 4

‎08-06-2023 10:48 PM

was this ever solved?

0 Helpful

Silvia3
Level 2
Level 2
In response to amabt

‎08-07-2023 08:51 AM

We solved the problems by disabling client balancing. Please try that.

0 Helpful

Alex Tapia
Frequent Visitor
Frequent Visitor
In response to Silvia3

‎08-07-2023 09:30 AM

unfortunately, Management doesn't want us to disable that feature. looking at Radius Servers, we found 1 server that was not showing any connection attempts in logs, and removed that from the list of Radius Servers in Meraki. we are waiting on further confirmation from staff, hoping that was the problem.

0 Helpful

jbroadbr@cisco.com
Cisco Employee
Cisco Employee

‎08-09-2023 05:41 PM

I would STRONGLY recommend that you update your client drivers, as well as update Windows to latest build level as there are fixes for these timeouts. ANY wireless issue should trigger you to check that the latest drivers are installed!!!

In addition, there are also issue with latest Windows builds and 11r. If you see an "invalid MIC" issue then disable 11r for that SSID. My understanding (I may be wrong) is Microsoft are working on a fix but it'll be a while.

labyandrews
Frequent Visitor
Frequent Visitor

‎08-14-2023 07:06 AM

Thanks you all for the comments/responses as I too have similar issue with eapol_timeout/invalid MIC.

I too had tried enabling 802.11r ,but didn't fixed.

Thanks anyway and keep rocking and rolling. This forums help to learn/resolve issues as Meraki TAC is mostly late for actions.

0 Helpful

iterssroom
Community Member

‎08-30-2023 01:35 AM

Ok got it. Thank for your help.

redactle

0 Helpful

KevinWaller
Community Member

‎05-25-2024 12:22 PM

I was able to resolve this on my network by enabling fast roaming 802.11r

dvalverde111
Visitor
In response to KevinWaller

‎04-04-2025 02:33 PM

I selected adaptive mode in 802.11r and I didn't get any more similar logs.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card