Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2681
Views
0
Helpful
3
Replies

DOT1X-3-INVALID_WPA_KEY_MSG_STATE

josephschung
Level 1
Level 1

‎11-06-2014 01:04 AM - edited ‎07-05-2021 01:53 AM

Sir,

 

I have WLC5508 with software AIR-CT5500-K9-7-4-121-0.aes and have the following error message for a laptop.

 

==================================================================

*Dot1x_NW_MsgTask_4: Nov 06 15:34:09.313: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:861 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 6c:88:14:1c:7e:d4

*Dot1x_NW_MsgTask_4: Nov 06 15:34:08.157: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:861 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 6c:88:14:1c:7e:d4

==================================================================

 

This is a new setup and the laptop is the only wireless client. Any idea?

 

Also, the eap of WLC is using default as shown below.

=========================================

(Cisco Controller) >show advanced eap 


EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600

========================================

 

Thanks.

 

Labels:
0 Helpful
3 Replies 3

Dhiresh Yadav
Cisco Employee
Cisco Employee

‎11-06-2014 02:30 AM

Hi ,

 

Is Laptop able to connect ? From the Message it looks like WLC is complaining about error in M2 key which it received from the Client ? Try only wp2/AES with other setting disabled like WPA and TKIP.

Even if its not joining , check adapter details and driver details and see if you can find any known issue on Google.

Regards

Dhiresh

**Please rate helpful posts**

 

 

0 Helpful

josephschung
Level 1
Level 1
In response to Dhiresh Yadav

‎11-06-2014 07:19 AM

Hi Dhiresh,

 

The laptop is connecting but user complain the speed is very slow.

 

Do you thing it is laptop driver issue? Is there any workaround?

 

Thanks.

0 Helpful

Dhiresh Yadav
Cisco Employee
Cisco Employee
In response to josephschung

‎11-06-2014 08:02 AM

Hi,

 WPA2/AES are necessary for getting 11n speeds if your n/w has 11n APs.If that is configured then you need to check if the users are connecting with 11n speeds and if yes then which 11n rate m1 ,m2 or m8 etc.

The complain needs to be confirmed first. You can use many tools like IPerf to test throughput of the wireless user versus wired user.Try to check throughput for some internal server on the LAN from both wireless and wired.You will have to take in to account the number of users connected to the same AP. So you will have to check all this to reach to any conclusion.

Regards

Dhiresh

**Please rate helpful posts**

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card