Showing results for 
Search instead for 
Did you mean: 

%DOT1X-3-INVALID_WPA_KEY_MSG_STATE ... iphone network failure inquiry


I have 300 ap on wlc 5520.
Some clients (only iPhones) are disconnected at unspecified times.
I did the analysis and the log below was checked.
% DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c: 1547 Received invalid EAPOL-key M2 msg in START state-invalid RSN IE; KeyLen 22, Key type 1, client aa: bb: cc: dd: ee: ff
In the log above, all mac addresses were confirmed as apple mac.
I did a community and bug search.
I tried applying all the methods I found in relation to this, but it did not resolve.

Only wpa2 / aes is set in wlan and there is no authentication server.
Both ft and pmf are not used for wlan.
I tried changing the value of EAP-Broadcast Key Interval to 86400, but the result was the same.
os version is 8.5.151 and ap is 1815, 1832.

We do not use a separate authentication server, do we need to see the EAP settings?
Where should I solve the problem?
I sincerely ask for your help from the community cisco.

thank you.


1 Accepted Solution

Accepted Solutions

There are some issues in the firmware you currently use, which might show this issue.
For this reason I suggest to upgrade to
Release notes with the fixed bugs:

View solution in original post

6 Replies 6

VIP Engager VIP Engager
VIP Engager

there are posts that pint to a bug in version 8.3

read this post that suggests the client driver or an intruder

it could just be the client prefers to connect using DOT1x first, and reverts to PSK second.

(wild idea: does these clients use the same SSID name elsewhere with DOT1x enabled?)

remove the wlan config from the client device and after some minutes re-add.

We are using WPA2 AES (PSK) only for WLAN.
I do not use an authentication server and local EAP.
However, EAP related logs are generated. Is this normal operation?
I tried adjusting the EAP Timer, but the result is the same.

802.1x is not used.

There is no SSID of the same name using the authentication server.

normally people take their phone everywhere, also outside your company.
and not only company phones are within reach of your wifi-network!

there will be guests and strangers passing past the office.


my suggestion is that some phone at some time outside your network, connected to a SSID with the same name.
and now comes within reach of your network and tries to authenticate using credentials configured for "the other network".
which of course fail..... and that is normal behaviour to show up in your logs.

I don't think that's the problem.
I have a test AP in an enclosed space.
(2.4Ghz and 5Ghz signal absolutely free space)
I was connected to the WLAN in the latest OS of iPhone 11 pro.
If you repeatedly go out of sleep mode several times, communication with the outside is not possible even when connected to WLAN.
The condition of the iPhone's Wi-Fi antenna is full.
It does not occur on Android, MacBook, and laptops.
It only happens on the iphone.
5 ~ 6 years ago, there was a case where the iPhone could not communicate due to a similar problem.
At that time, IOS update or WLC OS update has been solved.
I'm not sure if this is the same problem again.
This time, a special log occurred in WLC.
I don't know what the cause is.


I understand your suggestion.
It is a university wireless network and there are only 200 people due to corona.
20 iphone clients a day have the same problem.
It seemed to have been resolved by going through a WLC OS update with a similar issue in early 2019, but it is said that it has recently begun to reappear.
When there are many people, I usually use up to 3000 people.
At this time, it is expected that 300 problems will occur simply by calculating.

This is a very big problem.

Thank you very much for your answer.


There are some issues in the firmware you currently use, which might show this issue.
For this reason I suggest to upgrade to
Release notes with the fixed bugs:

Eventually, it was confirmed to be an OS problem.
Thanks to everyone who helped. :D

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers