Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Users getting disconnected from wireless

Hello,

 

We are having issues of users getting disconnected from wireless. While the clients do reconnect, it is breaking their sessions and is a big headache. Looking at my WLC logs, there seems to be a common theme in the logs:

 

*Dot1x_NW_MsgTask_4: Jun 09 14:46:57.901: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:46:56.869: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:45:00.526: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:44:59.408: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:37.540: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_0: Jun 09 14:44:36.456: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 40, Key type 1, client <mac address>
*Dot1x_NW_MsgTask_4: Jun 09 14:43:20.335: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:843 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 24, Key type 1, client <mac address>

 

Now the kicker is, there used to be no WLC at the site, the same AP's at the site just operated in autonomous mode, and this was never an issue. For some reason, introducing the controller into the equation has caused the problems. I've checked out the NPS (Running on Windows Server) and it just shows an "audit success" so I don't see anything bad there, although there are two "audit success" logs, one that says "Network Policy Server granted access to a user." and one that says "Network Policy Server granted full access to a user because the host met the defined health policy."

 

Anyone know what could be causing this?

Everyone's tags (3)
6 REPLIES
Gold

Hi Martin,Which model of WLC

Hi Martin,

Which model of WLC are you using? And what version of image running on the same?

Also are you using 802.1x or PSK authentication method?

For what type of witless client device you are seeing above logs?

Regards

Najaf

 

New Member

Sorry, should have posted

Sorry, should have posted that. This is a 2504 WLC, running software version 7.0.220.0. Currently we are using WPA2 - AES with 802.1x.

Gold

Hi,What type of wireless

Hi,

What type of wireless client device you are seeing above logs? Are these windows 7 machines?

Regards

Najaf

New Member

Yes, primarily all Windows 7

Yes, primarily all Windows 7 machines, however some of our users (including myself) see the same disconnections using devices like cell phones and so forth.

 

Just a note, as a test, I have upgraded the driver software on some of the machines of users who reported the problem, however it hasn't seemed to help.

Gold

Hi,The above error is mainly

Hi,

The above error is mainly due to bad drivers on the client device. M2 message is suppose to come from client and it is sending a value which is not agreed by WLC. First thing you need to verify is are you getting the same message for all the clients during the disconnection time. 

Other option is to upgrade your wlc to 7.4.121.0 which is more stable and has lot of bugs fixed.

Hope that helps

Regards

Najaf

New Member

Thanks for your replies. I

Thanks for your replies. I have updated the drivers of client machines and WLC and continue to experience the same issues. Interestingly enough, it seems these errors seem to happen at exact 30 minute intervals. We have 2106 controllers which show the same error messages as well, also at 30 minute intervals.

295
Views
0
Helpful
6
Replies