05-27-2020 01:43 AM - edited 07-05-2021 12:06 PM
I have 300 APs on a WLC 5520.
Some clients (only iPhones) are disconnected at unspecified times.
I did the analysis and checked the log below.
%DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client aa:bb:cc:dd:ee:ff
In the log above, all MAC addresses were confirmed as Apple MACs.
I did a community and bug search.
I tried applying all the methods I found in relation to this, but it did not resolve the issue.
Only WPA2/AES is set on the WLAN and there is no authentication server.
Neither FT nor PMF is used on the WLAN.
I tried changing the value of EAP Broadcast Key Interval to 86400, but the result was the same.
The OS version is 8.5.151 and the APs are 1815 and 1832.
We do not use a separate authentication server; do we need to look at the EAP settings?
Where should I look to solve the problem?
I sincerely ask the Cisco community for help.
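The message quoted above is a WLC syslog line, and the first thing a practitioner wants from it is a per-client and per-day view of how often it fires, so that a "20 clients a day" claim can be measured rather than estimated. The following is an added example, not code from the original thread or from Cisco: it parses the message body exactly as quoted in the post, but the task-name and timestamp prefix on each line, and all MAC addresses, are assumptions about the surrounding syslog format and are constructed sample data. The OUI grouping only extracts the first three octets so they can be checked against the IEEE registry; it makes no claim about which vendor owns them.

```python
"""Triage helper for WLC %DOT1X-3-INVALID_WPA_KEY_MSG_STATE messages.

Added example, not code from the original thread. Parses the message quoted
in the post and summarises which clients hit it, how often, and on which days.
"""
import re
from collections import Counter, defaultdict

# The message body below matches the line quoted in the post. The leading
# task name and "Mon DD HH:MM:SS.mmm:" timestamp are an assumption about how
# the WLC prefixes its syslog lines; adjust the prefix part if yours differs.
MSG_RE = re.compile(
    r"(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2})(?:\.\d+)?: "
    r"%DOT1X-3-INVALID_WPA_KEY_MSG_STATE: \S+ "
    r"Received invalid EAPOL-key M(?P<msg>\d) msg in (?P<state>\w+) state\s*-\s*(?P<reason>[^;]+); "
    r"KeyLen (?P<keylen>\d+), Key type (?P<keytype>\d+), "
    r"client (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

# Constructed sample input (placeholder MACs): three clients over two days,
# one of them repeating, plus one unrelated line the parser must skip.
SAMPLE_LOG = """\
*Dot1x_NW_MsgTask_0: May 27 01:43:12.100: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client aa:bb:cc:dd:ee:01
*Dot1x_NW_MsgTask_0: May 27 01:44:02.300: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client aa:bb:cc:dd:ee:01
*apfMsConnTask_2: May 27 01:44:05.000: constructed unrelated line mentioning client aa:bb:cc:dd:ee:02
*Dot1x_NW_MsgTask_1: May 27 09:10:44.510: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client AA:BB:CC:DD:EE:02
*Dot1x_NW_MsgTask_0: May 28 08:01:33.000: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client aa:bb:cc:dd:ee:01
*Dot1x_NW_MsgTask_0: May 28 08:05:09.000: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:1547 Received invalid EAPOL-key M2 msg in START state - invalid RSN IE; KeyLen 22, Key type 1, client 11:22:33:44:55:66
"""


def parse_events(log_text):
    """Return one dict per matching line; lines without the message are skipped."""
    events = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["mac"] = ev["mac"].lower()          # normalise case so the same client counts once
        ev["date"] = f"{ev['month']} {int(ev['day']):02d}"
        ev["oui"] = ev["mac"][:8]               # first three octets, for an IEEE registry lookup
        ev["reason"] = ev["reason"].strip()
        events.append(ev)
    return events


def variants(events):
    """Count the (message number, state, reason) combinations seen.

    A single dominant variant, as in the post (M2, START, invalid RSN IE),
    points at one client behaviour; a spread of variants points elsewhere.
    """
    return Counter((f"M{ev['msg']}", ev["state"], ev["reason"]) for ev in events)


def summarize(events, min_hits=2):
    """Distinct affected clients per day, hits per client, clients per OUI,
    and the clients that hit the message at least min_hits times."""
    per_day = defaultdict(set)
    per_mac = Counter()
    for ev in events:
        per_day[ev["date"]].add(ev["mac"])
        per_mac[ev["mac"]] += 1
    per_oui = Counter(mac[:8] for mac in per_mac)   # distinct clients, not hits, per OUI
    return {
        "clients_per_day": {d: len(s) for d, s in sorted(per_day.items())},
        "hits_per_client": dict(per_mac),
        "clients_per_oui": dict(per_oui),
        "repeat_clients": sorted(mac for mac, n in per_mac.items() if n >= min_hits),
    }


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(f"{len(evs)} matching events")
    print("variants:", dict(variants(evs)))
    for key, value in summarize(evs).items():
        print(f"{key}: {value}")
```

Feed it the WLC's syslog export (or `show msglog` output with a matching prefix) and compare `clients_per_day` against the day's associated-client count; if `clients_per_oui` is dominated by one prefix and `variants` by one combination, that supports the single-platform theory the thread ends on.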
05-27-2020 07:17 AM
There are posts that point to a bug in version 8.3.
Read this post that suggests the client driver or an intruder.
It could just be that the client prefers to connect using DOT1x first, and reverts to PSK second.
(Wild idea: do these clients use the same SSID name elsewhere with DOT1x enabled?)
Remove the WLAN config from the client device and after some minutes re-add it.
05-27-2020 07:04 PM - edited 05-27-2020 07:13 PM
We are using WPA2 AES (PSK) only for the WLAN.
I do not use an authentication server or local EAP.
However, EAP-related logs are generated. Is this normal operation?
I tried adjusting the EAP timer, but the result is the same.
802.1X is not used.
There is no SSID of the same name using an authentication server.
05-27-2020 11:06 PM - edited 05-27-2020 11:07 PM
Normally people take their phone everywhere, also outside your company,
and not only company phones are within reach of your Wi-Fi network!
There will be guests and strangers passing the office.
My suggestion is that some phone, at some time outside your network, connected to an SSID with the same name,
and now comes within reach of your network and tries to authenticate using credentials configured for "the other network",
which of course fails... and it is normal behaviour for that to show up in your logs.
05-28-2020 05:01 AM - edited 05-28-2020 05:08 AM
I don't think that's the problem.
I have a test AP in an enclosed space.
(A space absolutely free of other 2.4 GHz and 5 GHz signals.)
I connected to the WLAN with the latest OS on an iPhone 11 Pro.
If it repeatedly goes in and out of sleep mode several times, communication with the outside is not possible even when connected to the WLAN.
The iPhone's Wi-Fi signal indicator is full.
It does not occur on Android, MacBooks, or laptops.
It only happens on the iPhone.
5 to 6 years ago, there was a case where the iPhone could not communicate due to a similar problem.
At that time, it was solved by an iOS update or a WLC OS update.
I'm not sure if this is the same problem again.
This time, a particular log message occurred on the WLC.
I don't know what the cause is.
I understand your suggestion.
It is a university wireless network and there are only 200 people due to corona.
20 iPhone clients a day have the same problem.
It seemed to have been resolved by a WLC OS update for a similar issue in early 2019, but it is said that it has recently begun to reappear.
When there are many people, there are usually up to 3000.
At that point, 300 problems are expected simply by calculation.
This is a very big problem.
Thank you very much for your answer.
05-29-2020 04:27 AM
06-14-2020 07:40 PM
Eventually, it was confirmed to be an OS problem.
Thanks to everyone who helped. :D