I'm working on with a customer on a 2106 controller with 1130 series ap's. Everyting seems fine until the client does a reauthentication. At this point the clients send a stream of authentication attempts to the RADIUS server (40 or so a second). The RADIUS (Microsoft IAS) is passing the authetication. The Controller has the error: DOT1X-1-INVALID_WPA_KEY_STATE: Received EAPOL-key message while in invalid state (0) - version 1, type 3, descriptor 254 with the mac address of the offending client in the log, at the same rate of the authentication storm. The clients have current drivers. We are using the Microsoft supplicant and have the Microsoft updates (SP2 and relevant wireless patches) installed.
I'm currently testing using the Intel supplicant, but have not been doing it long enough to see if it is an issue with that supplicant.