03-08-2012 05:10 AM - edited 07-03-2021 09:45 PM
I'm having problems getting HP iPaqs connected to our wireless network. The iPaqs DO initially authenticate and access the WLAN but when they are not being used for a while or they are restarted they will not reconnect.
The error message on the controller is %DOT1X-3-MAX_EAPOL_KEY_RETRANS:
We use 4400 WLC's and 1242 AP's with mac filtering and WPA2 TKIP.
I have done a debug on one of the MAC addresses and get the following results
(Cisco Controller) >*Mar 06 13:27:32.290: 00:1a:6b:a4:85:0f Sending EAPOL-Key Message to mobile 00:1a:6b:a4:85:0f
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Mar 06 13:27:37.054: 00:1a:6b:a4:85:0f 802.1x 'timeoutEvt' Timer expired for station 00:1a:6b:a4:85:0f
*Mar 06 13:27:37.054: 00:1a:6b:a4:85:0f Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1a:6b:a4:85:0f
*Mar 06 13:27:41.829: 00:1a:6b:a4:85:0f 802.1x 'timeoutEvt' Timer expired for station 00:1a:6b:a4:85:0f
*Mar 06 13:27:41.833: 00:1a:6b:a4:85:0f Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1a:6b:a4:85:0f
*Mar 06 13:27:46.604: 00:1a:6b:a4:85:0f 802.1x 'timeoutEvt' Timer expired for station 00:1a:6b:a4:85:0f
*Mar 06 13:27:46.604: 00:1a:6b:a4:85:0f Retransmit 3 of EAPOL-Key M1 (length 121) for mobile 00:1a:6b:a4:85:0f
*Mar 06 13:27:51.379: 00:1a:6b:a4:85:0f 802.1x 'timeoutEvt' Timer expired for station 00:1a:6b:a4:85:0f
*Mar 06 13:27:51.379: 00:1a:6b:a4:85:0f Retransmit 4 of EAPOL-Key M1 (length 121) for mobile 00:1a:6b:a4:85:0f
*Mar 06 13:27:56.154: 00:1a:6b:a4:85:0f 802.1x 'timeoutEvt' Timer expired for station 00:1a:6b:a4:85:0f
*Mar 06 13:27:56.154: 00:1a:6b:a4:85:0f Retransmit failure for EAPOL-Key M1 to mobile 00:1a:6b:a4:85:0f, retransmit count 5, mscb deauth count 0
*Mar 06 13:27:56.157: 00:1a:6b:a4:85:0f Sent Deauthenticate to mobile on BSSID 00:1a:6c:5f:7c:10 slot 0(caller 1x_ptsm.c:467)
*Mar 06 13:27:56.157: 00:1a:6b:a4:85:0f Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
Can anyone help or explain why this is happening?
Thanks
03-08-2012 06:05 AM
what you are swing is the WLC removing the client because it is eithe not replying ti the EAP request or not hearing it.
If you do a show advanced EAP you'll be able ti see what the timers are set for.
https://supportforums.cisco.com/docs/DOC-12110
You may need ti adjust the timers so that the tag has more time ti respond.
Steve
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide