06-22-2018 09:07 PM - edited 07-05-2021 08:46 AM
I have a WLC 5508 running version 8.3.141.0 and an SSID with an 802.1x security policy. The problem is that the SSID works fine on some APs but does not work on others.
Two days ago it was working very well, but then it stopped.
I was looking at the following records
If you can help me
Greetings.
Product Version.................................. 8.3.141.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
AP model AP2802I
sisfSwitcherTask: Jun 22 19:35:17.672: %SISF-6-ENTRY_CREATED: [SA]sisf_shim_utils.c:485 Entry created A=fe80::25a:13ff:feec:2e39 V=181 I=wireless:0 P=0005 M=
*SISF BT Process: Jun 22 19:35:12.814: %SISF-6-ENTRY_DELETED: [SA]sisf_shim_utils.c:482 Entry deleted A=fe80::e658:b8ff:fe6e:15a6 V=181 I=wireless:0 P=0005 M=e4:58:b8:6e:15:a6
*SISF BT Process: Jun 22 19:35:10.214: %SISF-6-ENTRY_DELETED: [SA]sisf_shim_utils.c:482 Entry deleted A=fe80::f68e:92ff:fe06:83b9 V=181 I=wireless:0 P=0005 M=f4:8e:92:06:83:b9
*SISF BT Process: Jun 22 19:35:10.014: %SISF-6-ENTRY_DELETED: [SA]sisf_shim_utils.c:482 Entry deleted A=fe80::e8f:ffff:fe4a:ba4a V=181 I=wireless:0 P=0005 M=0c:8f:ff:4a:ba:4a
*SISF BT Process: Jun 22 19:35:10.014: %LOG-3-Q_IND: [SA]1x_eapkey.c:452 Invalid replay counter from client 14:9d:09:1a:e1:c8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
Jun 22 19:35:08.733: [UNKNOWN] ews_form.c 3636: ewBuildRepeatForm: repeates exceeds maximum for url: /screens/spam/celldot11a_list.html
Jun 22 19:35:04.044: [UNKNOWN] ews_form.c 3636: ewBuildRepeatForm: repeates exceeds maximum for url: /screens/spam/cell_list.html
*Dot1x_NW_MsgTask_0: Jun 22 19:34:57.875: %DOT1X-3-INVALID_REPLAY_CTR: [SA]1x_eapkey.c:452 Invalid replay counter from client 14:9d:09:1a:e1:c8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_1: Jun 22 19:34:57.214: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client fc:3f:7c:13:25:a1
*Dot1x_NW_MsgTask_1: Jun 22 19:34:57.214: %LOG-6-Q_IND: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_3: Jun 22 19:34:53.478: %APF-6-RADIUS_OVERRIDE_DISABLED: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_4: Jun 22 19:34:47.614: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M5 retransmissions exceeded for client 84:38:38:08:03:0c
*Dot1x_NW_MsgTask_4: Jun 22 19:34:46.935: %DOT1X-3-INVALID_REPLAY_CTR: [SA]1x_eapkey.c:452 Invalid replay counter from client 7c:2e:dd:b9:3c:4c - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_4: Jun 22 19:34:46.935: %LOG-6-Q_IND: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_3: Jun 22 19:34:45.483: %APF-6-RADIUS_OVERRIDE_DISABLED: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*apfReceiveTask: Jun 22 19:34:45.416: %APF-4-MOBILESTATION_NOT_FOUND: [SA]apf_ms.c:7398 Could not find the mobile 00:a0:96:6f:af:03 in internal database
*apfMsConnTask_5: Jun 22 19:34:44.601: %APF-4-PROC_ACTION_FAILED: [SA]apf_80211k.c:768 Could not process 802.11 Action. Received RM 11K Action frame through incorrect AP from mobile station. Mobile:FC:3F:7C:13:25:A1.
*Dot1x_NW_MsgTask_4: Jun 22 19:34:41.014: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client b0:e5:ed:0e:cb:dc
*Dot1x_NW_MsgTask_4: Jun 22 19:34:41.014: %LOG-6-Q_IND: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_5: Jun 22 19:34:34.353: %APF-6-RADIUS_OVERRIDE_DISABLED: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_3: Jun 22 19:34:25.414: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 00:a0:96:6f:af:03
*Dot1x_NW_MsgTask_3: Jun 22 19:34:25.414: %LOG-6-Q_IND: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_6: Jun 22 19:34:20.779: %APF-6-RADIUS_OVERRIDE_DISABLED: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
06-22-2018 10:07 PM
06-23-2018 06:06 AM
SSID XX
Security Policies 802.1x
06-23-2018 08:46 AM
That is incomplete. Post the show wlan <wlan id>
You have to have either WPA or WPA2 with 802.1x
06-27-2018 02:49 AM - edited 06-27-2018 02:50 AM
I still have the same issue. Does anyone have a solution to fix it?
06-27-2018 06:57 AM
06-27-2018 07:12 PM
What is the MAC address of the client that is failing? And did we run debug client on the WLC for that failing MAC address?
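The question above asks which client MAC is failing. As an added example (not part of any post in this thread and not Cisco tooling), the following Python tallies key-handshake failures per client from log lines like the ones posted here. The function names are hypothetical, and treating the `%LOG-3-Q_IND` line as a repeat of the `%DOT1X-` message is an assumption.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the logs posted in this thread (June and December posts).
SAMPLE_LOG = """\
*SISF BT Process: Jun 22 19:35:10.014: %LOG-3-Q_IND: [SA]1x_eapkey.c:452 Invalid replay counter from client 14:9d:09:1a:e1:c8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Jun 22 19:34:57.875: %DOT1X-3-INVALID_REPLAY_CTR: [SA]1x_eapkey.c:452 Invalid replay counter from client 14:9d:09:1a:e1:c8 - got 00 00 00 00 00 00 00 00, expected 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_1: Jun 22 19:34:57.214: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client fc:3f:7c:13:25:a1
*Dot1x_NW_MsgTask_3: Jun 22 19:34:53.478: %APF-6-RADIUS_OVERRIDE_DISABLED: [SA]apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_4: Jun 22 19:34:47.614: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: [SA]1x_ptsm.c:544 Max EAPOL-key M5 retransmissions exceeded for client 84:38:38:08:03:0c
*Dot1x_NW_MsgTask_4: Jun 22 19:34:46.935: %DOT1X-3-INVALID_REPLAY_CTR: [SA]1x_eapkey.c:452 Invalid replay counter from client 7c:2e:dd:b9:3c:4c - got 00 00 00 00 00 00 00 02, expected 00 00 00 00 00 00 00 03
*Dot1x_NW_MsgTask_5: Dec 20 10:18:33.591: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
*Dot1x_NW_MsgTask_5: Dec 20 10:18:27.191: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
*Dot1x_NW_MsgTask_5: Dec 20 10:18:20.991: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
"""

MAC = r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
# Only lines tagged %DOT1X-<severity>-<mnemonic> are counted.
TAG = re.compile(r"%DOT1X-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+):")
RETRANS = re.compile(r"Max EAPOL-key (?P<msg>M\d) retransmissions exceeded for client " + MAC)
REPLAY = re.compile(
    r"Invalid replay counter from client " + MAC +
    r" - got (?P<got>[0-9a-f]{2}(?: [0-9a-f]{2}){7}), expected (?P<exp>[0-9a-f]{2}(?: [0-9a-f]{2}){7})"
)

def ctr(hex_bytes):
    """Convert an 8-byte big-endian counter printed as '00 00 ... 01' to an int."""
    return int(hex_bytes.replace(" ", ""), 16)

def summarize(log_text):
    """Return {mac: Counter} of EAPOL-key handshake failures per client."""
    clients = defaultdict(Counter)
    for line in log_text.splitlines():
        tag = TAG.search(line)
        if not tag:
            # Other facilities are skipped, including the %LOG-3-Q_IND line
            # (assumed to repeat the %DOT1X- message, so it is not counted twice).
            continue
        if tag["mnemonic"] == "MAX_EAPOL_KEY_RETRANS" and (m := RETRANS.search(line)):
            clients[m["mac"].lower()][f"{m['msg']}_retrans_exceeded"] += 1
        elif tag["mnemonic"] == "INVALID_REPLAY_CTR" and (m := REPLAY.search(line)):
            lag = ctr(m["exp"]) - ctr(m["got"])  # expected minus received
            clients[m["mac"].lower()][f"replay_ctr_delta_{lag:+d}"] += 1
    return dict(clients)

def rank(clients):
    """Clients ordered by total failure count (highest first), then by MAC."""
    return sorted(((sum(c.values()), mac) for mac, c in clients.items()),
                  key=lambda t: (-t[0], t[1]))

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for total, mac in rank(summary):
        print(mac, total, dict(summary[mac]))
```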
10-24-2018 06:05 AM
12-18-2018 07:23 AM
Same behavior here.
*apfReceiveTask: Dec 18 15:57:30.935: %APF-4-MOBILESTATION_NOT_FOUND: [SA]apf_ms.c:7153 Could not find the mobile axx:xx:xx:xx:xx in internal database
12-19-2018 05:20 AM
Hi
You should provide more information here, but I can make some assumptions based on what you provided. For you to face a problem with RADIUS authentication on different APs like that, I'm assuming that those APs are in different groups, or there might be something different among them in terms of configuration.
One message that catches my attention is "ewBuildRepeatForm: repeates exceeds maximum for url: /screens/spam/celldot11a_list.html"
I've not seen this message in a pure AAA process. Are you using any kind of web portal?
12-19-2018 11:38 PM
*apfReceiveTask: Dec 20 10:18:53.651: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile 20:47:da:35:b7:0d in internal database
*Dot1x_NW_MsgTask_3: Dec 20 10:18:50.664: %APF-6-USER_NAME_CREATED: apf_ms.c:8527 Username entry (hq\egrinyuk) with length (253) created for mobile 74:da:38:bd:1f:63
*Dot1x_NW_MsgTask_6: Dec 20 10:18:44.391: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 64:70:33:02:11:5e
*Dot1x_NW_MsgTask_6: Dec 20 10:18:41.374: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*apfReceiveTask: Dec 20 10:18:37.424: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile d4:90:9c:76:09:92 in internal database
*apfReceiveTask: Dec 20 10:18:35.191: %APF-6-USER_DEL_FAILED: apf_ms.c:8577 Unable to delete username host/SAR027.hq.icfed.com for mobile 8c:70:5a:f8:f0:e4
*Dot1x_NW_MsgTask_5: Dec 20 10:18:33.591: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
*Dot1x_NW_MsgTask_5: Dec 20 10:18:27.191: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
*Dot1x_NW_MsgTask_5: Dec 20 10:18:20.991: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 20:47:da:35:b7:0d
*apfMsConnTask_3: Dec 20 10:18:17.568: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:6740 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:74:E5:F9:0A:05:AF, Category:7.
*Dot1x_NW_MsgTask_2: Dec 20 10:18:17.391: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client d4:90:9c:76:09:92
*Dot1x_NW_MsgTask_2: Dec 20 10:18:01.591: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client d4:90:9c:76:09:92
*apfReceiveTask: Dec 20 10:17:56.794: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile 88:e9:fe:86:8d:10 in internal database
*apfReceiveTask: Dec 20 10:17:56.791: %APF-6-USER_NAME_DELETED: apf_ms.c:8330 Username entry (amedia\a.ryzhov) is deleted for mobile 88:e9:fe:86:8d:10
*Dot1x_NW_MsgTask_3: Dec 20 10:17:47.466: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:210 Radius overrides disabled, ignoring source 4
*Dot1x_NW_MsgTask_2: Dec 20 10:17:42.791: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client d4:90:9c:76:09:92
*apfMsConnTask_3: Dec 20 10:17:37.958: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:6740 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:74:E5:F9:07:D6:EA, Category:7.
*apfReceiveTask: Dec 20 10:17:35.823: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile b0:c5:54:0e:c3:7a in internal database
*apfMsConnTask_3: Dec 20 10:17:35.785: %APF-4-INVALID_ACTION_CATEGORY: apf_wme_utils.c:6740 Could not process 802.11 Action. Received Action frame with invalid category field(not supported by controller) from client. Mobile:74:E5:F9:07:D8:25, Category:7.
*apfReceiveTask: Dec 20 10:17:31.829: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile 5c:51:81:25:45:e7 in internal database
*apfReceiveTask: Dec 20 10:17:30.221: %APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile 04:b1:67:2c:e7:f2 in internal database
*Dot1x_NW_MsgTask_0: Dec 20 10:17:22.040: %APF-6-USER_NAME_CREATED: apf_ms.c:8527 Username entry (host/SAR006.hq.icfed.com) with length (253) created for mobile 8c:70:5a:f8:4c:98
*Dot1x_NW_MsgTask_7: Dec 20 10:17:11.791: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 5c:51:81:25:45:e7
*Dot1x_NW_MsgTask_2: Dec 20 10:17:10.191: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 04:b1:67:2c:e7:f2
*Dot1x_NW_MsgTask_2: Dec 20 10:17:03.991: %DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:544 Max EAPOL-key M1 retransmissions exceeded for client 04:b1:67:2c:e7:f2
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... WiFi MSK HQ ACCESS
Network Name (SSID).............................. -=ActionMCFR=-
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Enabled
DHCP ....................................... Enabled
HTTP ....................................... Enabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum Clients Allowed.......................... Unlimited
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
ATF Policy....................................... 0
Number of Active Clients......................... 4
Exclusionlist.................................... Disabled
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... none
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi_mcfr_network
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
WLAN URL ACL..................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Tunnel Profile................................... Unconfigured
--More-- or (q)uit
PMIPv6 Mobility Type............................. none
PMIPv6 MAG Profile........................... Unconfigured
PMIPv6 Default Realm......................... Unconfigured
PMIPv6 NAI Type.............................. Hexadecimal
PMIPv6 MAG location.......................... WLC
Quality of Service............................... Platinum
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
--More-- or (q)uit
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=6)
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11a only
DTIM period for 802.11a radio.................... 6
DTIM period for 802.11b radio.................... 6
Radius Servers
Authentication................................ 10.0.64.6 1812 *
Authentication................................ 10.0.64.157 1812 *
Accounting.................................... 10.0.64.6 1813 *
Accounting.................................... 10.0.64.157 1813 *
Interim Update............................. Disabled
Interim Update Interval.................... 0
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
LDAP Servers
Server 1...................................... 10.0.64.6 389
Server 2...................................... 10.0.64.157 389
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
--More-- or (q)uit
Mu-Mimo.......................................... Enabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Adaptive
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
CCMP256 Cipher.......................... Disabled
GCMP128 Cipher.......................... Disabled
GCMP256 Cipher.......................... Disabled
OSEN IE.................................... Disabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
--More-- or (q)uit
PMF-PSK(802.11w)........................ Disabled
OSEN-1X................................. Disabled
SUITEB-1X............................... Disabled
SUITEB192-1X............................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web Authentication Timeout.................... 300
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Central Association............... Disabled
flexconnect Central Dhcp Flag................. Disabled
--More-- or (q)uit
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Disabled
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Enabled
EAP-Identity-Request Timeout (seconds)..... 45
EAP-Identity-Request Max Retries........... 5
EAP-Request Timeout (seconds).............. 35
EAP-Request Max Retries.................... 5
EAPOL-Key Timeout (milliseconds)........... 3000
EAPOL-Key Max Retries...................... 3
AVC Visibilty.................................... Enabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel Configuration
--More-- or (q)uit
Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Enabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Enabled
802.11v BSS Max Idle Service..................... Enabled
802.11v BSS Transition Service................... Enabled
802.11v BSS Transition Disassoc Imminent......... Disabled
802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled
Broadcast Tagging................................ Disabled
Mobility Anchor List
--More-- or (q)uit
WLAN ID IP Address Status Priority
------- --------------- ------ --------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
-------- ---------------
Lync State ...................................... Disabled
Audio QoS Policy................................. Silver
Video QoS Policy................................. Silver
App-Share QoS Policy............................. Silver
File Transfer QoS Policy......................... Silver
QoS Fastlane Status.............................. Disable
Selective Reanchoring Status..................... Disable
12-10-2019 07:18 AM
Did you ever solve this issue?
02-11-2021 09:17 PM
I would like to know the answer.
02-11-2021 11:43 PM
Just guessing from the above replies:
Firstly the bootloader version in the original post is 6.0.182.0 which is very old/unstable - if you have the same issue (on a 5508 WLC do show sysinfo) then upgrade the firmware.
Secondly I'm wondering if LDAP is potentially involved here as there are some LDAP servers defined in the config above.
Can you share any info on your setup if you are having the same issue Matej?
02-16-2021 01:11 AM
Hello,
I just came to the point where this log interests me:
Received EAPOL-key M2 with invalid MIC from mobile <mac> version 3
My setup is WLC 5520 with
software 8.10.142.0
bootloader 8.3.15.177
WPA2-ENT with ISE
But it seems it is a problem on client side this time.