cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14616
Views
16
Helpful
8
Replies

*** RSN ERROR: Received a data frame when no keys are plumbed

trevormuench
Level 1
Level 1

I am having an issue using 2 WLCs on 8.10.162.0 and 3802i APs. Any MacOS client connected to our WPA2 with 802.1X auth, network shows the wifi status symbol as "connecting" even though when viewing the client detail it is connected successfully. I have captured client-trace data and there seems to be a 13 minute gap where the client will "connect" but then will "disconnect". the only error Message I have seen in a client trace is 

*** RSN ERROR: Received a data frame when no keys are plumbed.

 

- We do mange our MacOS clients with JAMF, and have deployed a certificate, but have not successfully gotten that to work so Clients continue to accept and hit continue when a Cert is presented to them when they authenticate with the network for the first time.

 

Every 30 minutes, which I have assumed is the "EAP-Broadcast Key Interval....................... 3600" there is a successful EAPol Handshake. 

 

Now some of my coworkers are correlating the symptom of the "connecting" status to Zoom video and audio lag?

 

Does anyone have any recommendations on how I can fix this?

8 Replies 8

marce1000
VIP
VIP

 

 - Refhttps://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&kw=Received%20a%20data%20frame%20when%20no%20keys%20are%20plumbed&bt=custV&sb=anfr

  Seems related to bugs , the first one is apparently not publicly visible but you can still have a summary view on it when looking at the right pane, of the above link. Second one https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz66202 . suggest going beyond current version on WLC such as : 8.10.171.0

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JPavonM
VIP
VIP

I've been seeing that error on my setup for Flex APs and clients using dot1X (this time they were Win10) and users were complaining about disconnections. After doing multiple debugs in all sides (WLC, AP, OTA, Win10) I saw that every time they reported the issue with the "Connecting" status they were connected, but they weren't finishing the  roaming process between APs. What I mean is that they were sucessfully connected to AP1, and then moving to AP2 they were re-authenticationg with that AP, but then win10 triggers DHCP client to re-validate IP address, and that was failing, and after 3 minutes when Win10 re-authenticates, it worked.

What I have found in my setup with AP in flexconnect mode is that the '***RSN Error' wasn't associated to any of the previous bugs as there weren't any radio crash following the error. Along with that error I was receiving another alerting about 'CAPWAP HW tunnel params changing'.

At the end I have found that adapting the MTU on the site's router to a lower value (that been tested to be working without fragmentation) solved the issue. (I have Meraki MX's in some remote offices and the valid MTU on that end was 1360). Now none of the errors are seen in AP's logs and users are not experiencing any issue.

PD: I have a TAC case open about this, as CAPWAP MTU was constantly changing so reconfiguring CAPWAP tunnel and maybe missing all tunneled traffic such as dot1X frames and that was affecting users during initial connection or roaming.

HTH
-Jesus
*** Please rate helpful responses ***

 

 - Acknowledged, yet for poster since the bug reports mention 8.10.162.0 as a culprit , I would still advice to upgrade : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html  , review document and check if limitations are applicable to your controller model (or not).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank you both for the suggestions. M. - thanks for pointing out the bug I will try the update to 8.10.171.0, because I do have 5520 controllers and we do utilize 802.11ac/ax, and follow up here.

trevormuench
Level 1
Level 1

I have now updated My 5520 wireless controllers and my 3802i Access Points to 

AP Running Image     : 8.10.171.0

Primary Boot Image   : 8.10.171.0

Backup Boot Image    : 8.10.162.0

 

Unfortunately we still have the "Cosmetic" issue of the connecting wifi icon in MacOS. 

 

The Connecting wifi symbol starts "connecting" right after this EAPOL exchange -

Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.4792] [1654705588:479283] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAP_PACKET.Request : Id 0x01 type 1 Identity
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5050] [1654705588:505082] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAP_PACKET.Response : Id 0x01 type 1 Identity
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5051] [1654705588:505134] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAP_PACKET.Response : Id 0x01 type 1 Identity
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5100] [1654705588:510083] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAP_PACKET.Request : Id 0x02 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5233] [1654705588:523371] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAP_PACKET.Response : Id 0x02 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5234] [1654705588:523408] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAP_PACKET.Response : Id 0x02 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5246] [1654705588:524665] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAP_PACKET.Request : Id 0x03 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5314] [1654705588:531400] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAP_PACKET.Response : Id 0x03 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5314] [1654705588:531434] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAP_PACKET.Response : Id 0x03 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5328] [1654705588:532873] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAP_PACKET.Request : Id 0x06 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5355] [1654705588:535584] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAP_PACKET.Response : Id 0x06 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5356] [1654705588:535613] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAP_PACKET.Response : Id 0x06 type 25 Other
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5370] [1654705588:537034] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAP_PACKET.Success : Id 0x06
Jun 8 16:26:28 kernel: [*06/08/2022 16:26:28.5370] [1654705588:537055] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAPOL_KEY.M1 : DescType 0x02 KeyInfo 0x008a
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.6312] [1654705589:631218] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAPOL_KEY.M1 : DescType 0x02 KeyInfo 0x008a
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.7300] [1654705589:730056] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAPOL_KEY.M2 : DescType 0x02 KeyInfo 0x010a
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.7301] [1654705589:730104] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAPOL_KEY.M2 : DescType 0x02 KeyInfo 0x010a
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.7306] [1654705589:730635] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <apr1v1> [D:W] EAPOL_KEY.M3 : DescType 0x02 KeyInfo 0x13ca
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.7322] [1654705589:732230] [af70-ap-1-31] [38:f9:d3:a6:28:9d] < wifi1> [U:W] EAPOL_KEY.M4 : DescType 0x02 KeyInfo 0x030a
Jun 8 16:26:29 kernel: [*06/08/2022 16:26:29.7322] [1654705589:732258] [af70-ap-1-31] [38:f9:d3:a6:28:9d] <wired0> [U:E] EAPOL_KEY.M4 : DescType 0x02 KeyInfo 0x030a

 

It is "working" but is just an annoyance for our employees. Our Radius server is a windows 2012 AD service connected to the wireless controller, maybe something with that is causing this problem ?

 

I have upgraded the WLC to 8.10.173, however still seeing these alerts and we are having frequent wireless disconnects.  Can someone suggest any solution.

Apr 28 17:16:18 kernel: [*04/28/2023 17:16:18.1777]

Apr 28 17:16:18 kernel: [*04/28/2023 17:16:18.1777]  *** RSN ERROR: Received a data frame when no keys are plumbed

Apr 28 17:16:18 kernel: [*04/28/2023 17:16:18.1786]

Hi @itisarunprasadk and @trevormuench ,

did you ever find a resolution to this?

My original Symptom of seeing the MacOS wireless connectivity symbol "disassociate" has been addressed by recent MacOS software updates. In the interim of the last year I have also upgraded my AD to Windows Server 2022 for Radius. However the 

 

#Dec 8 19:16:33 kernel: [*12/08/2023 19:12:33.0669] *** RSN ERROR: Received a data frame when no keys are plumbed
Dec 8 19:16:33 kernel: [*12/08/2023 19:16:33.9635] *** RSN ERROR: Received a data frame when no keys are plumbed

syslog still occurs

Review Cisco Networking for a $25 gift card