
New Member

%DOT1X-3-MAX_EAPOL_KEY_RETRANS messages

I have been seeing lots of this message in the WLC log.

All of them refer to mobile phones.

*dot1xMsgTask: Mar 25 16:57:27.787: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 8c:00:6d:5c:4e:35

Is a specific configuration necessary for mobile phones?

 

Accepted Solutions

Cisco Employee

The M1 and M5 are exchange messages of the handshake messages.

The purpose of these messages is to generate the PMK of the client; the client and the WLC exchange some messages to generate this key, and M1 and M5 are among these messages.

From a technical perspective there is no difference, as we can't do or change anything in these messages, as these messages are a standard.

19 REPLIES
Cisco Employee

Can you share show WLAN <id>?

New Member

In fact I do not have a specific WLAN for mobile phones.

I have a WLAN where all Wi-Fi clients can log in.

(Cisco Controller) >show wlan 1


WLAN Identifier.................................. 1
Profile Name..................................... impa-nwl
Network Name (SSID).............................. impa-nwl
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 105
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wifi-clients
Multicast Interface.............................. Not Configured

WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Disabled
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Enabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Enabled
   Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT(802.11r)............................. Disabled
         FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CCKM tsf Tolerance............................... 1000
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled
   H-REAP Local Authentication................... Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------

 

Cisco Employee

OK, the configuration of this WLAN is not recommended; use either WPA+TKIP or WPA2+AES.

Using a combination of WPA, WPA2, TKIP and AES may cause confusion for some clients.
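
The check described in the reply above, as an added example (not part of the original thread and not Cisco code): a Python script that reads `show wlan` output and reports whether the WLAN has a mix of WPA/WPA2 and TKIP/AES enabled. The sample text is a constructed excerpt in the posted format, and `enabled_pairs` and `audit` are hypothetical helper names.

```python
import re

# Constructed excerpt in the format of the `show wlan 1` output posted above.
SAMPLE = """\
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Enabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Enabled
         AES Cipher.............................. Enabled
   Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
"""

LINE = re.compile(r"^\s*(.+?)\s*\.{2,}\s*(\S.*?)\s*$")   # "label....... value"
PROTOCOLS = {"WPA (SSN IE)": "WPA", "WPA2 (RSN IE)": "WPA2"}
# The pairings recommended in the reply above (an encoding of that advice).
RECOMMENDED = ({("WPA", "TKIP")}, {("WPA2", "AES")})

def enabled_pairs(show_wlan_text):
    """Return the (protocol, cipher) pairs that are enabled on the WLAN."""
    pairs, proto = set(), None
    for raw in show_wlan_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # section header or blank line
        label, value = m.groups()
        if label in PROTOCOLS:            # start of a WPA or WPA2 block
            proto = PROTOCOLS[label] if value == "Enabled" else None
        elif label.endswith(" Cipher"):   # cipher line inside that block
            if proto and value == "Enabled":
                pairs.add((proto, label.split()[0]))
        else:
            proto = None                  # any other setting ends the block
    return pairs

def audit(show_wlan_text):
    """Report mixed WPA/WPA2 or TKIP/AES settings."""
    pairs = enabled_pairs(show_wlan_text)
    findings = []
    if len({p for p, _ in pairs}) > 1:
        findings.append("WPA and WPA2 are both enabled")
    if len({c for _, c in pairs}) > 1:
        findings.append("TKIP and AES are both enabled")
    return {"pairs": sorted(pairs), "recommended": pairs in RECOMMENDED,
            "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```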

 

New Member

Is this the cause of the message?
 

Cisco Employee

This is most probably the cause of this message, as this message indicates that the M1 message of the EAPOL-key message exchange is not received by the client, as the client is not replying to these messages. The EAPOL messages are the 4-way handshake of the WPA/WPA2 key management.

New Member

Tks

Cisco Employee

Welcome

New Member

After enabling only WPA + AES I still have

%DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M3

%DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M5

Do I have to enable WPA2 + AES too? Both of them?

I thought those msgs would disappear after the WPA + AES (only) reconfiguration.

 

VIP Purple

Hi,

Your error is coming because:

The client is not responding to the WPA M1 to M4 handshake.

1>> Check the client settings.

2>> Upgrade the client driver to the latest and see if that helps.

 

Regards
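
To decide which clients to check, as suggested above, the log can be tallied per client and per handshake message. This is an added example, not part of the original thread and not Cisco code; the first sample line is the one quoted in the question, the other lines are constructed in the same format, and `tally` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Line 1 is the message quoted in the thread; the rest are constructed samples
# (made-up timestamps, locally administered MACs) in the same format.
SAMPLE_LOG = """\
*dot1xMsgTask: Mar 25 16:57:27.787: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 8c:00:6d:5c:4e:35
*dot1xMsgTask: Mar 25 16:58:01.102: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 8c:00:6d:5c:4e:35
*dot1xMsgTask: Mar 25 16:59:12.450: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 8c:00:6d:5c:4e:35
*dot1xMsgTask: Mar 25 17:01:40.009: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M3 retransmissions exceeded for client 02:00:00:aa:bb:01
*dot1xMsgTask: Mar 25 17:02:15.330: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M5 retransmissions exceeded for client 02:00:00:aa:bb:02
*dot1xMsgTask: Mar 25 17:03:55.871: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:444 Max EAPOL-key M1 retransmissions exceeded for client 02:00:00:AA:BB:01
*constructedTask: Mar 25 17:04:00.000: unrelated constructed line that must be ignored
"""

EVENT = re.compile(
    r"%DOT1X-3-MAX_EAPOL_KEY_RETRANS:.*?Max EAPOL-key (M\d) "
    r"retransmissions exceeded for client ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE)

def tally(log_text):
    """Count events per client MAC, split by the handshake message named."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            per_client[m.group(2).lower()][m.group(1).upper()] += 1
    return per_client

def summarize(log_text, repeat_threshold=3):
    """Totals per message and per MAC prefix, plus clients that keep failing."""
    per_client = tally(log_text)
    by_message, by_prefix = Counter(), Counter()
    for mac, msgs in per_client.items():
        by_message.update(msgs)
        by_prefix[mac[:8]] += sum(msgs.values())  # first three octets of the MAC
    repeat = sorted(mac for mac, msgs in per_client.items()
                    if sum(msgs.values()) >= repeat_threshold)
    return {"by_message": dict(by_message), "by_prefix": dict(by_prefix),
            "repeat_clients": repeat}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Clients listed under `repeat_clients` are the first candidates for the settings and driver checks; a single MAC prefix dominating `by_prefix` points at one device family.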

 
