Guest

Preview Tool

Cisco Bug: CSCuw48488 - 4-way handshake fails on 11r+11w (FT+PMF) WLAN

Last Modified

Dec 04, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

8.0(120.6)

Description (partial)

Symptom:
A client that is both 802.11r (FT) and 802.11w (PMF) capable will fail to complete association on a WLAN configured to support both those features.

The failure is seen upon the 4-way handshake, where the EAPoL-Key M2 message from the client fails validation.

Debug client will show the following errors upon M2 validation:

*Dot1x_NW_MsgTask_2: Sep 28 16:40:51.231: 70:3e:ac:5a:5f:fa Received EAPOL-Key from mobile 70:3e:ac:5a:5f:fa
*Dot1x_NW_MsgTask_2: Sep 28 16:40:51.231: 70:3e:ac:5a:5f:fa Received EAPOL-key in PTK_START state (message 2) from mobile 70:3e:ac:5a:5f:fa
*Dot1x_NW_MsgTask_2: Sep 28 16:40:51.231: 70:3e:ac:5a:5f:fa EAPOL-key M2 with invalid RSN IE received from mobile 70:3e:ac:5a:5f:fa group management cipher mismatch
*Dot1x_NW_MsgTask_2: Sep 28 16:40:51.231: 70:3e:ac:5a:5f:fa EAPOL-key M2 with invalid RSN IE received from mobile 70:3e:ac:5a:5f:fa rxed IE len :38,
             rxed IE length in association:22

Conditions:
WLAN configured for PMF (802.11w) and FT (802.11r).
Client supporting both FT and PMF features.

Related Community Discussions

<key>CSCuw48488</key> - 4-way handshake fails on 11r+11w and40;FT+PMF) WLAN
I have used Cambium AP, with 11r+11w configured on AP, I able to connect iPhone 6.
Latest activity: Mar 22, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.