Fesk6895
Beginner

Cisco 9115X FlexConnect "Failed to Dot11 validate dot11i pmkids"

Hi, All

We have a problem with roaming between two Cisco 9115X FlexConnect APs. Maybe someone can tell us what the problem is.

2021/07/28 15:17:53.330986 {wncd_x_R0-0}{1}: [client-orch-sm] [8276]: (note): MAC: c491.0cab.802f Re-Association received. BSSID 488b.0a67.b24e, old BSSID 488b.0a67.b241, WLAN LOSS, Slot 1 AP 488b.0a67.b240, AP-LOSS
2021/07/28 15:17:53.331737 {wncd_x_R0-0}{1}: [dot11-validate] [8276]: (ERR): MAC: c491.0cab.802f Failed to Dot11 validate dot11i pmkids. SAE PMKID matching failed in roam case so rejecting Assoc Req
2021/07/28 15:17:53.332050 {wncd_x_R0-0}{1}: [dot11-validate] [8276]: (ERR): MAC: c491.0cab.802f Failed to dot11 ie validate wpa wpa2 info elment. Invalid PMKID
2021/07/28 15:17:53.332089 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [8276]: (ERR): c491.0cab.802fCLIENT_ASSOC_FAIL Failure = IE_VALIDATION_FAILURE Validation Failure Type = 53, WLAN profile = LOSS, Policy profile = LOSS
2021/07/28 15:17:53.332094 {wncd_x_R0-0}{1}: [dot11] [8276]: (ERR): MAC: c491.0cab.802f Failed to assoc failure tr state entry. Incorrect validation status value :53
2021/07/28 15:17:53.332434 {wncd_x_R0-0}{1}: [dot11] [8276]: (ERR): MAC: c491.0cab.802f Dot11 update co assoc fail. Sent assoc failure to CO. delete reason: 54, CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID
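
A triage sketch for the trace in the question above, added here as an example and not part of the original thread or of any Cisco tool: it pairs each Re-Association line with a following `CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID` delete for the same client MAC and reports the roam direction. The function name and the one-second pairing window are assumptions, and the fourth sample line is constructed.

```python
import re
from datetime import datetime, timedelta

# Lines 1-3 are copied from the trace in the post; line 4 is a constructed
# re-association for a second client that is not followed by a failure.
SAMPLE = """\
2021/07/28 15:17:53.330986 {wncd_x_R0-0}{1}: [client-orch-sm] [8276]: (note): MAC: c491.0cab.802f Re-Association received. BSSID 488b.0a67.b24e, old BSSID 488b.0a67.b241, WLAN LOSS, Slot 1 AP 488b.0a67.b240, AP-LOSS
2021/07/28 15:17:53.331737 {wncd_x_R0-0}{1}: [dot11-validate] [8276]: (ERR): MAC: c491.0cab.802f Failed to Dot11 validate dot11i pmkids. SAE PMKID matching failed in roam case so rejecting Assoc Req
2021/07/28 15:17:53.332434 {wncd_x_R0-0}{1}: [dot11] [8276]: (ERR): MAC: c491.0cab.802f Dot11 update co assoc fail. Sent assoc failure to CO. delete reason: 54, CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID
2021/07/28 15:18:02.000000 {wncd_x_R0-0}{1}: [client-orch-sm] [8276]: (note): MAC: aaaa.bbbb.cccc Re-Association received. BSSID 488b.0a67.b24e, old BSSID 488b.0a67.b241, WLAN LOSS, Slot 1 AP 488b.0a67.b240, AP-LOSS
"""

# Timestamp, log level, then the free-text message.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) .*?\((\w+)\): (.*)$")
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
REASSOC = re.compile(rf"MAC: {MAC} Re-Association received\. BSSID {MAC}, old BSSID {MAC}")
DELETE = re.compile(rf"MAC: {MAC} .*delete reason: (\d+), (\w+)")

def failed_roams(text, window=timedelta(seconds=1)):
    """Pair each re-association with an INVALID_PMKID delete for the same client.

    The pairing window is an assumption chosen for this example.
    """
    pending, failures = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a trace line
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
        msg = m.group(3)
        if r := REASSOC.search(msg):
            # Remember when the roam started and between which BSSIDs.
            pending[r.group(1)] = (ts, r.group(3), r.group(2))
        elif (d := DELETE.search(msg)) and d.group(3).endswith("INVALID_PMKID"):
            start = pending.pop(d.group(1), None)
            if start and ts - start[0] <= window:
                failures.append({"client": d.group(1), "from_bssid": start[1],
                                 "to_bssid": start[2], "reason": int(d.group(2))})
    return failures

if __name__ == "__main__":
    for f in failed_roams(SAMPLE):
        print(f)
```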

6 REPLIES
Arshadsaf
Enthusiast

What is the AP model?

What's the IOS-XE code?

Do the APs belong to the same policy tag?

Is the client running the latest drivers?

AP model Cisco 9115X. EWC running on the 9115. IOS-XE code 17.5.1.

Yes, the APs belong to the same policy tag.

Arshadsaf
Enthusiast

What is the session timeout configured under the SSID?

wireless profile policy LOSS
 no central association
 no central dhcp
 no central switching
 description LOSS
 dhcp-tlv-caching
 http-tlv-caching
 idle-timeout 7200
 mdns-sd service-policy mDNS
 session-timeout 36000
 vlan 12
 no shutdown

Arshadsaf
Enthusiast

If you have 11r enabled or adaptive, make sure to disable it and test again. If not, please open a case with TAC.

Hi Arshadsaf
Thanks for your help.
I opened a case.

 
