
Disconnects on WLC with 8.1.111.0 code

cloudmin
Level 1

Hi,

I have a Cisco WLC 2504 with IOS 8.1.111.0 and AP 1602E on it.

After moving from WPA with TKIP to WPA2 with AES, many of the clients keep disconnecting.

The log that I see is the following:

*Dot1x_NW_MsgTask_2: Aug 13 18:23:29.294: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:961 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client d0:7e:35:a8:95:3a

 

Very strange.

I have changed some timeouts but it did not help. 

 

Thanks

5 Replies

Freerk Terpstra
Level 7

The problem is probably that your clients are still trying to use TKIP because that is what is configured in the wireless profile they have. If this profile was created automatically by the end-user when they first connected, it needs to be removed manually and recreated, or just changed (depending on the client device). From the standpoint of the end-user it is probably simpler if you can push settings with a GPO (Windows) or use mobile device management tooling for Apple and Android devices.

Sometimes it is easier to create a second SSID which clients have not used before, so there is no history. This way you can also monitor which devices are still using the "old" SSID. Once the clients are moved you can remove it. Depending on which EAP(ol) settings you changed, I would advise you to make them default again.

Please rate useful posts... :-)

Hi,

 

We have migrated the client config, pushed via GPO. All the clients have connected to the AP/WLC, but sometimes, like once every 2 hours or once every 30 minutes, the AP disconnects them.

On Windows, it shows "limited connectivity".

 

Thanks

It may be a code-specific issue as well. Reach out to TAC and see if there is any known issue with your current code.

HTH

Rasika

Limited connectivity may be due to DHCP (option 43 received invalid IP or no IP address, proxy), AAA, or bad RF. But as per the log you have shared, it seems like an issue with the client wireless profile; as Freerk Terpstra suggested, try a changed/new profile.

gohussai
Level 4

My suggestion is to recreate the profile [WLAN/SSID] on the WLC, bind WPA with AES only, and uncheck 802.1x if you are not using it.

Also try to use the Cisco supplicant on the client side for those having disconnect issues.
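
Added example, not part of any post in this thread and not Cisco tooling: a Python script that parses the `%DOT1X-3-INVALID_WPA_KEY_MSG_STATE` message quoted in the question and counts the events per client MAC, so the devices that still need their wireless profile fixed can be listed from an exported WLC log. The function names are assumptions, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout taken from the WLC message quoted in the question.
EVENT = re.compile(
    r"%DOT1X-3-INVALID_WPA_KEY_MSG_STATE:.*?"
    r"Received invalid EAPOL-key (?P<msg>M\d) msg in (?P<state>\S+)\s+state"
    r" - (?P<reason>[^;]+);\s*KeyLen (?P<keylen>\d+), Key type (?P<keytype>\d+),"
    r" client (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def parse_line(line):
    """Return the fields of one handshake-error line, or None if it is another message."""
    m = EVENT.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["mac"] = ev["mac"].lower()
    ev["reason"] = ev["reason"].strip()
    ev["keylen"], ev["keytype"] = int(ev["keylen"]), int(ev["keytype"])
    return ev

def failures_per_client(lines):
    """Count invalid EAPOL-key events per (client MAC, message, state, reason)."""
    counts = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev:
            counts[(ev["mac"], ev["msg"], ev["state"], ev["reason"])] += 1
    return counts

def worst_clients(lines, minimum=2):
    """Clients with at least `minimum` events, most affected first."""
    totals = Counter()
    for (mac, *_), n in failures_per_client(lines).items():
        totals[mac] += n
    return [(mac, n) for mac, n in totals.most_common() if n >= minimum]

# First line is the one from the question; the rest are constructed for the example.
SAMPLE_LOG = [
    "*Dot1x_NW_MsgTask_2: Aug 13 18:23:29.294: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:961 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client d0:7e:35:a8:95:3a",
    "*Dot1x_NW_MsgTask_2: Aug 13 18:53:31.101: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:961 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client D0:7E:35:A8:95:3A",
    "*Dot1x_NW_MsgTask_1: Aug 13 19:02:10.550: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:961 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 02:00:00:00:00:01",
    "constructed line that is not a DOT1X handshake error",
]

if __name__ == "__main__":
    for mac, n in worst_clients(SAMPLE_LOG, minimum=1):
        print(f"{mac}  {n} invalid EAPOL-key events")
```
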
