Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
10
Helpful
2
Replies

Cisco WLC block the client from connecting to wireless network?

Majid Jalinousi
Level 1
Level 1

‎10-24-2016 07:22 AM - edited ‎07-05-2021 06:01 AM

We've launched a wireless network consisting of ISE 2.0 and Cisco WLC 5508 with version of AIR-OS 8.2.100.

When the clients want to connect to wireless network the WLC block the client from connecting to the wireless network with below log, when I checked the ISE logs I could see the everything is OK and the ISE send access-accept to the WLC.


*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.831: [PA] a8:a7:95:76:7b:5a Sending EAPOL-Key Message to mobile a8:a7:95:76:7b:5a
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.831: [PA] a8:a7:95:76:7b:5a Reusing allocated memory for EAP Pkt for retransmission to mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.831: [PA] a8:a7:95:76:7b:5a Entering Backend Auth Success state (id=251) for mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.832: [PA] a8:a7:95:76:7b:5a Received Auth Success while in Authenticating state for mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.832: [PA] a8:a7:95:76:7b:5a dot1x - moving mobile a8:a7:95:76:7b:5a into Authenticated state
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.877: [PA] a8:a7:95:76:7b:5a Received EAPOL-Key from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.877: [PA] a8:a7:95:76:7b:5a Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.877: [PA] a8:a7:95:76:7b:5a Received EAPOL-key in PTK_START state (message 2) from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.877: [PA] a8:a7:95:76:7b:5a Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_2: Oct 24 17:36:58.877: [PA] a8:a7:95:76:7b:5a Received EAPOL-key M2 with invalid MIC from mobile a8:a7:95:76:7b:5a version 2
*osapiBsnTimer: Oct 24 17:37:01.915: [PA] a8:a7:95:76:7b:5a 802.1x 'timeoutEvt' Timer expired for station a8:a7:95:76:7b:5a and for message = M2
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.915: [PA] a8:a7:95:76:7b:5a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.919: [PA] a8:a7:95:76:7b:5a Received EAPOL-Key from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.919: [PA] a8:a7:95:76:7b:5a Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.919: [PA] a8:a7:95:76:7b:5a Received EAPOL-key in PTK_START state (message 2) from mobile a8:a7:95:76:7b:5a
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.919: [PA] a8:a7:95:76:7b:5a Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_2: Oct 24 17:37:01.919: [PA] a8:a7:95:76:7b:5a Received EAPOL-key M2 with invalid MIC from mobile a8:a7:95:76:7b:5a version 2
*osapiBsnTimer: Oct 24 17:37:04.915: [PA] a8:a7:95:76:7b:5a 802.1x 'timeoutEvt' Timer expired for station a8:a7:95:76:7b:5a and for message = M2
*Dot1x_NW_MsgTask_2: Oct 24 17:37:04.915: [PA] a8:a7:95:76:7b:5a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile a8:a7:95:76:7b:5a
*osapiBsnTimer: Oct 24 17:37:07.915: [PA] a8:a7:95:76:7b:5a 802.1x 'timeoutEvt' Timer expired for station a8:a7:95:76:7b:5a and for message = M2
*Dot1x_NW_MsgTask_2: Oct 24 17:37:07.915: [PA] a8:a7:95:76:7b:5a Retransmit 3 of EAPOL-Key M1 (length 121) for mobile a8:a7:95:76:7b:5a
*osapiBsnTimer: Oct 24 17:37:10.915: [PA] a8:a7:95:76:7b:5a 802.1x 'timeoutEvt' Timer expired for station a8:a7:95:76:7b:5a and for message = M2

But the surprising thing is, this problem occurs just on some versions of the windows, for example on some build number of windows 10 like 10240 the clients can connect to the wireless network, but on the windows versions like 1607 with any build number absolutely can't connect to the wireless network.

This seems the problem is a client side problem but how can I fix the problem? what's different between the windows 10 versions?

Is there any setting to do on the WLC configuration to ignore the client modification on the packet? What is the root cause of the problem?

I really confused with this problem and our managers are really disappointment to cancel the project. Is there any way to solve it?

I will be so appreciate for any kind of help.

BR,

1 person had this problem
Labels:
2 Replies 2

Majid Jalinousi
Level 1
Level 1

‎10-25-2016 03:27 AM

The good news is I found the solution after several weeks.

You can find the solution in the below link:
https://support.microsoft.com/en-us/kb/3121002

0 Helpful

ali.mousavizadeh
Level 1
Level 1
In response to Majid Jalinousi

‎10-25-2016 04:30 AM

Hi

Very Nice Thank you very much

It was a big help for me.

Thanks

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card