cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2056
Views
0
Helpful
8
Replies

Cisco 9115X FlexConnect "Failed to Dot11 validate dot11i pmkids"

Fesk6895
Beginner
Beginner

Hi, All

We have a problem with roaming between two Cisco 9115X FlexConnect. Maybe someone can tell what the problem is.

 

2021/07/28 15:17:53.330986 {wncd_x_R0-0}{1}: [client-orch-sm] [8276]: (note): MAC: c491.0cab.802f Re-Association received. BSSID 488b.0a67.b24e, old BSSID 488b.0a67.b241, WLAN LOSS, Slot 1 AP 488b.0a67.b240, AP-LOSS
2021/07/28 15:17:53.331737 {wncd_x_R0-0}{1}: [dot11-validate] [8276]: (ERR): MAC: c491.0cab.802f Failed to Dot11 validate dot11i pmkids. SAE PMKID matching failed in roam case so rejecting Assoc Req
2021/07/28 15:17:53.332050 {wncd_x_R0-0}{1}: [dot11-validate] [8276]: (ERR): MAC: c491.0cab.802f Failed to dot11 ie validate wpa wpa2 info elment. Invalid PMKID
2021/07/28 15:17:53.332089 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [8276]: (ERR): c491.0cab.802fCLIENT_ASSOC_FAIL Failure = IE_VALIDATION_FAILURE Validation Failure Type = 53, WLAN profile = LOSS, Policy profile = LOSS
2021/07/28 15:17:53.332094 {wncd_x_R0-0}{1}: [dot11] [8276]: (ERR): MAC: c491.0cab.802f Failed to assoc failure tr state entry. Incorrect validation status value :53
2021/07/28 15:17:53.332434 {wncd_x_R0-0}{1}: [dot11] [8276]: (ERR): MAC: c491.0cab.802f Dot11 update co assoc fail. Sent assoc failure to CO. delete reason: 54, CO_CLIENT_DELETE_REASON_DOT11_INVALID_PMKID

8 Replies 8

Arshad Safrulla
VIP Advocate VIP Advocate
VIP Advocate

What the AP model?

Whats the IOS-XE code?

Is the AP's belongs to the same policy tag?

Is the client running the latest drivers?

AP model Cisco 9115X. EWC running on the 9115. IOS-XE code 17.5.1.

Yes, AP's belongs to the same policy tag.

 

 

 

Arshad Safrulla
VIP Advocate VIP Advocate
VIP Advocate

What is the session time out configured under the SSID?

 

wireless profile policy LOSS
no central association
no central dhcp
no central switching
description LOSS
dhcp-tlv-caching
http-tlv-caching
idle-timeout 7200
mdns-sd service-policy mDNS
session-timeout 36000
vlan 12
no shutdown

Arshad Safrulla
VIP Advocate VIP Advocate
VIP Advocate

If you have 11r enabled or adaptive, make sure disable it and test again. If not pls open a case with TAC. 

Hi Arshadsaf
Thanks for your help.
I opened a case.

 

Hello,

I've the same problem.

Do you found a solution for this please ?

Regard

Was there a resolution for this?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers