Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wireless issue on some clients

Dear Community,

I have a problem with a WLC5508 that i've upgraded from 7.0.112.21 to 7.5.

Every thing was running fine for one 3 days, but now i have some issues with my main SSID.

the configuration of this SSID :

Radio Policy : All

Security Policies : [WPA+WPA2] [Auth(802.1X))

Authentication, no accounting

The problem : some of my clients are not able to connect anymore since they are not authenticated anymore. but some of them are still working (5% of client are working.

On my laptop, the authentication is working fine ON THE AP I WAS CONNECTED BEFORE THE ISSUE. if i try to roam, it doesn't work anymore. if i come back to the previous access point, i need to disconnect/connect to the WLAN and it works again...

Here are the logs (WebUI : Management > logs)

*Dot1x_NW_MsgTask_0: Nov 14 13:04:17.133: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 18:3d:a2:39:1c:10

*Dot1x_NW_MsgTask_0: Nov 14 13:04:16.003: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client 18:3d:a2:39:1c:10

*Dot1x_NW_MsgTask_0: Nov 14 13:03:42.133: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 18:3d:a2:38:53:50

*Dot1x_NW_MsgTask_0: Nov 14 13:03:41.100: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 18:3d:a2:38:53:50

*Dot1x_NW_MsgTask_0: Nov 14 13:02:54.933: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 18:3d:a2:2d:c3:68

*Dot1x_NW_MsgTask_0: Nov 14 13:02:53.752: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 18:3d:a2:2d:c3:68

*apfMsConnTask_2: Nov 14 13:02:48.911: #APF-3-AID_UPDATE_FAILED: apf_80211.c:9699 Error updating Association ID for REAP AP Clientb8:62:1f:41:66:c0 - AID 1

*apfMsConnTask_2: Nov 14 13:02:48.911: #LWAPP-3-INVALID_AID2: spam_api.c:1373 Association identifier 1 for client 58:94:6b:00:72:74 is already in use by 60:67:20:b1:c3:2c

*Dot1x_NW_MsgTask_4: Nov 14 13:02:04.534: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 60:67:20:69:30:b4

*Dot1x_NW_MsgTask_4: Nov 14 13:02:03.512: #DOT1X-3-INVALID_WPA_KEY_MSG_

STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 40, Key type 1, client 60:67:20:69:30:b4

*apfMsConnTask_5: Nov 14 13:00:38.701: #APF-3-AID_UPDATE_FAILED: apf_80211.c:9699 Error updating Association ID for REAP AP Clientb8:62:1f:41:51:80 - AID 1

*apfMsConnTask_5: Nov 14 13:00:38.701: #LWAPP-3-INVALID_AID2: spam_api.c:1373 Association identifier 1 for client 60:67:20:b1:c1:54 is already in use by 60:67:20:69:31:2a

I'll send more debugging soon.

  • Getting Started with Wireless
6 REPLIES
Hall of Fame Super Silver

Re: Wireless issue on some clients

Post your show WLAN

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
VIP Purple

Wireless issue on some clients

Hi,

1.

Client 18:3d:a2:39:1c:10

Received invalid EAPOL-key M2 msg in START  state - invalid secure bit; KeyLen 24, Key type 1, client

Resolution: Client authentication failed because of an authentication protocol error between the client and access point. Recommended Action    If the problem persists, try upgrading the client driver software or using different client software to isolate the cause

2.

Client 58:94:6b:00:72:74,60:67:20:b1:c3:2c,60:67:20:b1:c1:54,60:67:20:69:31:2a

Association identifier 1 for client 58:94:6b:00:72:74 is already in use by 60:67:20:b1:c3:2c

Please check the DHCP scope range: May be there are more DHCP client then defined in DHCP scope.

Duplicate and invalid association identifier entries for FlexConnect clients.

or

your switch port configuration at the WLC. You have blocked vlans coming from the remote site. Remember that the APs will still need to reach the WLC even if you are running flexconnect.

3.

Client b8:62:1f:41:66:c0, b8:62:1f:41:51:80

Error updating Association ID for REAP AP Clientb8:62:1f:41:66:c0 - AID 1

Failed to update Association ID for REAP AP client.

Reagrds

New Member

Re: Wireless issue on some clients

Hi all!

And very thanks you for your prompt reply!

you'll see the sh wlan in the attached file.

Morever, i used the WLC Config analyser to check the configuration, on many AP's i got the following message :

60014,RF: AP has  channel utilization for 2.4 GHz radio higher than a threshold of 29%. Effect depends on RF conditions

Regarding the DHCP, i've allready check the servers, the scope is 5% used.

I've also check the switch configuration on WLC and on each AP's but every thing is ok.

One more information, on the same AP, some client works and some others dont work.

In the other attached file, you'll see the roaming of a client : At the beggining client is successfully connected, then it's limited access ... after the client comes back to the previous access point and it works fine.

I've update the drivers.

Best regards !

Hall of Fame Super Gold

Wireless issue on some clients

I have a problem with a WLC5508 that i've upgraded from 7.0.112.21 to 7.5.

Did you upgrade the FUS?

New Member

Re: Wireless issue on some clients

Hi,

Yes the FUS was upgraded too, version 1.7.0

I've to say that i've upgraded the software+FUS last saturday (09/11) and that every thing was working fine for 5 days (Wednesday 13)

...

Best regards!

New Member

Hi, About:*apfMsConnTask_5:

Hi,

 

About:

*apfMsConnTask_5: Nov 14 13:00:38.701: #APF-3-AID_UPDATE_FAILED: apf_80211.c:9699 Error updating Association ID for REAP AP Clientb8:62:1f:41:51:80 - AID 1

*apfMsConnTask_5: Nov 14 13:00:38.701: #LWAPP-3-INVALID_AID2: spam_api.c:1373 Association identifier 1 for client 60:67:20:b1:c1:54 is already in use by 60:67:20:69:31:2a

 

I think you hiting bug : CSCtn52995.

Should be repaired in 7.6.x

 

HTH

1146
Views
0
Helpful
6
Replies
This widget could not be displayed.