Unanswered Question
Mar 7th, 2008

Hi All, i have a Testbed with following Scenario: Intel 4965agn n-Mode, EAP FAST /w AES => AP1252 => WLC4404, Rel. 4.2 => Cisco Secure ACSSE 4.1

The Client is not able to connect to the WLAN. The Controller Message Log shows as follows:

Mar 07 13:11:16.327 1x_kxsm.c:1124 DOT1X-3-WPA_SEND_STATE_ERR: Unable to send EAPOL-key msg - invalid WPA state (0) - client 00:1d:e0:6f:cb:43

The Cisco Secure ACS "Failed Attempts" Report shows: Authentication Failed/ ACS User Unknown. The User is properly configured in ACS.

I checked the Cisco Wireless LAN Controller System Message Guide, it shows:

Error Message %DOT1X-3-WPA_SEND_STATE_ERR: Unable to send EAPOL-key msg - invalid

WPA state ([int]) - client [hex]:[hex]:[hex]:[hex]:[hex]:[hex]

Explanation Client authentication failed because the session was not in the correct state when attempting to send an EAPOL-key message.

Has anybody seen this before and can help me solving my Problem? How can i influence the "Correct WPA Session State"?

Regards, Michael

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
irisrios Thu, 03/13/2008 - 09:43

Some cards needs longer time for WPA synchronization. So increase the timeout value. To do this Click on the Security Tab, Advanced Security tab,Timersand and then go to the EAP Authentication subtab across the top. The control is labelled "Client Timeout". You can also try upgrading the client software to ensure compatibility.

MICHAEL SCHROEDER Thu, 03/13/2008 - 10:35

Hi Member, thanks for your Reply. I tuned the Timers in advance. The Client is the 4965agn with latest ProSet. Rgrds, Michael


This Discussion



Trending Topics - Security & Network