06-09-2014 08:36 AM - edited 07-05-2021 12:58 AM
Hello,
We are having issues of users getting disconnected from wireless. While the clients do reconnect, it is breaking their sessions and is a big headache. Looking at my WLC logs, there seems to be a common theme in the logs:
*Dot1x_NW_MsgTask_4: Jun 09 14:46:57.901: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:46:56.869: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:45:00.526: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:44:59.408: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:37.540: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:36.456: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:43:20.335: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START state - invalid secure bit; KeyLen 24, Key type 1, client <mac address>
Now the kicker is, there used to be no WLC at the site, the same AP's at the site just operated in autonomous mode, and this was never an issue. For some reason, introducing the controller into the equation has caused the problems. I've checked out the NPS (Running on Windows Server) and it just shows an "audit success" so I don't see anything bad there, although there are two "audit success" logs, one that says "Network Policy Server granted access to a user." and one that says "Network Policy Server granted full access to a user because the host met the defined health policy."
Anyone know what could be causing this?
06-09-2014 10:21 AM
Hi Martin,
Which model of WLC are you using? And what version of image running on the same?
Also are you using 802.1x or PSK authentication method?
For what type of witless client device you are seeing above logs?
Regards
Najaf
06-09-2014 10:40 AM
Sorry, should have posted that. This is a 2504 WLC, running software version 7.0.220.0. Currently we are using WPA2 - AES with 802.1x.
06-09-2014 10:58 AM
Hi,
What type of wireless client device you are seeing above logs? Are these windows 7 machines?
Regards
Najaf
06-09-2014 11:07 AM
Yes, primarily all Windows 7 machines, however some of our users (including myself) see the same disconnections using devices like cell phones and so forth.
Just a note, as a test, I have upgraded the driver software on some of the machines of users who reported the problem, however it hasn't seemed to help.
06-09-2014 11:34 AM
Hi,
The above error is mainly due to bad drivers on the client device. M2 message is suppose to come from client and it is sending a value which is not agreed by WLC. First thing you need to verify is are you getting the same message for all the clients during the disconnection time.
Other option is to upgrade your wlc to 7.4.121.0 which is more stable and has lot of bugs fixed.
Hope that helps
Regards
Najaf
06-17-2014 06:10 AM
Thanks for your replies. I have updated the drivers of client machines and WLC and continue to experience the same issues. Interestingly enough, it seems these errors seem to happen at exact 30 minute intervals. We have 2106 controllers which show the same error messages as well, also at 30 minute intervals.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide