cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
35112
Views
5
Helpful
4
Replies

DOT1X-3-INVALID_REPLAY_CTR

ov
Level 1
Level 1

Hi

Does anyone know the origin of this error message, found in the log of our Cisco 4400 WLC.

Aug 12 07:30:59.111 1x_eapkey.c:351 DOT1X-3-INVALID_REPLAY_CTR: Invalid replay counter from client 00:1f:9e:8b:8b:a6 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01

Apparently its an authentication issue, but i cant seem to find anything related on the web.

Softversion WLC: 5.0.148.0

Best regards

Ole Vik

1 Accepted Solution

Accepted Solutions

amritpatek
Level 6
Level 6

This error message due to the Client authentication failed because an EAPOL message from the client contained an invalid replay counter. For the Recommended Action try upgrading the client driver software or using different client software to isolate the cause. Also investigate possible intruder activity.

View solution in original post

4 Replies 4

amritpatek
Level 6
Level 6

This error message due to the Client authentication failed because an EAPOL message from the client contained an invalid replay counter. For the Recommended Action try upgrading the client driver software or using different client software to isolate the cause. Also investigate possible intruder activity.

This was indeed caused by client drivers.

Thank you

Can you please elaborate? What client drivers? Wireless network drivers? Or another kind of driver?

Our 8540 controllers have hundreds of these entries and are looping the log every hour.  Our controller shows shows 30k connected clients, however, I searched a couple of mac addresses from the log entries and don't see these particular client MAC's logged into the WLC.

 

Sample log entry:

*Dot1x_NW_MsgTask_5: Jan 24 12:46:18.443: %DOT1X-3-INVALID_REPLAY_CTR: [PA]1x_eapkey.c:458 Invalid replay counter from client 22:8d:5e:c8:7e:9d - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01

rburckner
Level 1
Level 1

I have this same issue with a small business WLAN, two 140 AC access points. All my clients have the latest updates. It appears to only happen with me for Apple clients.

Review Cisco Networking for a $25 gift card