Re: Cisco Wireless controller with this error Unable to send EAPOL-key

caesarkrit · ‎06-01-2020

It would be great if anyone explained why we get these errors on the Cisco Wireless controller.

*dot1xMsgTask: May 31 00:04:14.261: %DOT1X-3-WPA_SEND_STATE_ERR: [PA]1x_kxsm.c:1718 Unable to send EAPOL-key msg - invalid WPA state (0) - client MAC
*dot1xMsgTask: May 30 22:56:37.488: %DOT1X-3-WPA_SEND_STATE_ERR: [PA]1x_kxsm.c:1718 Unable to send EAPOL-key msg - invalid WPA state (0) - client MAC

I have a cisco wireless controller 5508 model with version 8.3.150.0. When connecting phones to the wifi we seem to be having no issues, but Laptops and computers immediately show a "cant connect to this network" error when you click to connect. I already tried rebooting the controller and increasing the connection time for clients. Not sure what else could be the problem. This error came out randomly one week after no changes were made. Any assistance is appreciated.

Thanks

Scott Fella · ‎06-01-2020

What was changed a week ago? If you are using radius, any patching happen? If you search on the internet for that error, you will find some additional information. The code you are running is old also, so you might have to reference answers from your search or open a TAC case.

-Scott
*** Please rate helpful posts ***

caesarkrit · ‎06-01-2020

Thanks for getting back to me so soon. No changes or upgrades were made as we're usually the ones who make. Is there anything specific i should be looking for on the radius servers? No changes were made to that either. Unfortunately there are mixed answers when i search this up some of which I've already tried (client timeout increase, session timeout increase, rebooting the machine and re plugging everything) and TAC isn't an option. If there are any clues or specific debugs i can look for that you might know that would be helpful.Thanks

Scott Fella · ‎06-01-2020

What you need to look at are bugs. These can happen also if updated to devices were done. If you are using a radius server, look at the logs and see if you can tell what happened. I’m also assuming PSK and any open SSID’s are working fine?

-Scott
*** Please rate helpful posts ***

caesarkrit · ‎06-02-2020

Correct they are. Today i'll be doing a search and looking into some logs to check packet flow and possible bugs. It's an old system and the last upgrade we made was due to a DHCP bug that was not documented, so it would suck if this is also caused by another bug.

patoberli · ‎06-02-2020

Is the certificate not anymore valid on the radius server maybe? Or does it send the wrong one?

caesarkrit · ‎06-02-2020

Definitely worth looking at. Any idea how i can go about searching for that before i start googling and going down that rabbit hole.

patoberli · ‎06-02-2020

That depends upon your radius server. Which IP address it has, is written under the SSID configuration on the WLC or under Security -> Radius -> Authentication.

lalitkumar88551 · ‎04-15-2022

Not able to access Internet When connected with Guest SSID, Multiple users issue faced.

WLC5520

Product Version. 8.10.162.0

error log...

---------------Show msglog---------------

Message Log Severity Level ...................... ERROR
*dot1xMsgTask: Apr 07 04:44:44.963: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client 2e:14:de:7c:61:15
Previous message occurred 2 times.
Apr 07 04:23:22.873: [ERROR] ewmain.c 2969: EmWeb: select() failed for bad file descriptor : Bad file descriptor
Apr 07 04:02:40.927: [ERROR] ew_code.c 50522: current EMWEB_STRING/INCLUDE code did not return
Apr 07 04:02:40.927: Previous message occurred 11 times.
Apr 06 18:28:29.664: [ERROR] ewmain.c 2969: EmWeb: select() failed for bad file descriptor : Bad file descriptor
Apr 06 18:27:37.609: [ERROR] ew_code.c 50522: current EMWEB_STRING/INCLUDE code did not return
Apr 06 18:27:37.609: Previous message occurred 3 times.
Apr 06 14:27:25.489: [ERROR] ewmain.c 2969: EmWeb: select() failed for bad file descriptor : Bad file descriptor
*apfReceiveTask: Apr 06 13:57:28.649: %LOG-3-Q_IND: 1x_eapkey.c:3062 Received EAPOL-key message while in invalid state (4) - version 2, type 3, descriptor 2, client 66:3d:d3:c3:ec:35
*Dot1x_NW_MsgTask_5: Apr 06 13:53:42.541: %DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c:3062 Received EAPOL-key message while in invalid state (4) - version 2, type 3, descriptor 2, client 66:3d:d3:c3:ec:35
*Dot1x_NW_MsgTask_6: Apr 06 13:44:05.040: %LOG-3-Q_IND: 1x_eapkey.c:458 Invalid replay counter from client 00:42:38:dc:87:af - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01[...It occurred 2 times.!]
*Dot1x_NW_MsgTask_7: Apr 06 13:38:39.106: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:458 Invalid replay counter from client 00:42:38:dc:87:af - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_4: Apr 06 13:07:38.983: %DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c:458 Invalid replay counter from client c4:23:60:f8:29:4c - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
*dot1xMsgTask: Apr 06 13:04:14.925: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client da:7a:11:ef:70:5d
*dot1xMsgTask: Apr 06 12:55:09.885: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client 6c:94:66:11:29:c0
*dot1xMsgTask: Apr 06 12:54:03.169: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client ec:5c:68:97:83:fb
*dot1xMsgTask: Apr 06 12:51:11.625: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client 66:20:fa:51:03:66
*dot1xMsgTask: Apr 06 12:41:23.529: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client ec:5c:68:97:4c:7b
*dot1xMsgTask: Apr 06 12:35:08.721: %DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1742 Unable to send EAPOL-key msg - invalid WPA state (0) - client 00:42:38:dc:7c:6f

Cisco Wireless controller with this error Unable to send EAPOL-key msg - invalid WPA state (0) - client