Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1016
Views
0
Helpful
6
Replies

Users getting disconnected from wireless

dmartin04
Level 1
Level 1

‎06-09-2014 08:36 AM - edited ‎07-05-2021 12:58 AM

Hello,

 

We are having issues of users getting disconnected from wireless. While the clients do reconnect, it is breaking their sessions and is a big headache. Looking at my WLC logs, there seems to be a common theme in the logs:

 

*Dot1x_NW_MsgTask_4: Jun 09 14:46:57.901: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:46:56.869: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:45:00.526: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:44:59.408: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:37.540: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:36.456: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:43:20.335: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 24, Key type 1, client <mac address>

 

Now the kicker is, there used to be no WLC at the site, the same AP's at the site just operated in autonomous mode, and this was never an issue. For some reason, introducing the controller into the equation has caused the problems. I've checked out the NPS (Running on Windows Server) and it just shows an "audit success" so I don't see anything bad there, although there are two "audit success" logs, one that says "Network Policy Server granted access to a user." and one that says "Network Policy Server granted full access to a user because the host met the defined health policy."

 

Anyone know what could be causing this?

Labels:
0 Helpful
6 Replies 6

kcnajaf
Level 7
Level 7

‎06-09-2014 10:21 AM

Hi Martin,

Which model of WLC are you using? And what version of image running on the same?

Also are you using 802.1x or PSK authentication method?

For what type of witless client device you are seeing above logs?

Regards

Najaf

 

0 Helpful

dmartin04
Level 1
Level 1
In response to kcnajaf

‎06-09-2014 10:40 AM

Sorry, should have posted that. This is a 2504 WLC, running software version 7.0.220.0. Currently we are using WPA2 - AES with 802.1x.

0 Helpful

kcnajaf
Level 7
Level 7
In response to dmartin04

‎06-09-2014 10:58 AM

Hi,

What type of wireless client device you are seeing above logs? Are these windows 7 machines?

Regards

Najaf

0 Helpful

dmartin04
Level 1
Level 1
In response to kcnajaf

‎06-09-2014 11:07 AM

Yes, primarily all Windows 7 machines, however some of our users (including myself) see the same disconnections using devices like cell phones and so forth.

 

Just a note, as a test, I have upgraded the driver software on some of the machines of users who reported the problem, however it hasn't seemed to help.

0 Helpful

kcnajaf
Level 7
Level 7
In response to dmartin04

‎06-09-2014 11:34 AM

Hi,

The above error is mainly due to bad drivers on the client device. M2 message is suppose to come from client and it is sending a value which is not agreed by WLC. First thing you need to verify is are you getting the same message for all the clients during the disconnection time. 

Other option is to upgrade your wlc to 7.4.121.0 which is more stable and has lot of bugs fixed.

Hope that helps

Regards

Najaf

0 Helpful

dmartin04
Level 1
Level 1
In response to kcnajaf

‎06-17-2014 06:10 AM

Thanks for your replies. I have updated the drivers of client machines and WLC and continue to experience the same issues. Interestingly enough, it seems these errors seem to happen at exact 30 minute intervals. We have 2106 controllers which show the same error messages as well, also at 30 minute intervals.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card