Cisco Bug: CSCvs19137 - Authentication failure EAP timeout on a Cisco 1852 AP with data DTLS encryption enabled

Last Modified

May 29, 2020

Products (1)

  • Cisco Aironet 1850 Series Access Points

Known Affected Releases

8.5(151.9)

Description (partial)

Symptom:
- Dot1x clients are unable to join an 1852 AP
- 1700/2700/3700 APs do not show the issue
- EAP timeout messages are reported in the WLC debugs

*Dot1x_NW_MsgTask_6: Nov 21 11:57:31.991: 11:11:11:11:11:11 Sending EAP Request from AAA to mobile 11:11:11:11:11:11 (EAP Id 175)  
*apfMsConnTask_4: Nov 21 11:58:01.821: 11:11:11:11:11:11 Ignoring received Dissoc frame on AP 11:11:11:11:11:11 slot 1 
*osapiBsnTimer: Nov 21 11:58:02.565: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0
*Dot1x_NW_MsgTask_6: Nov 21 11:58:02.565: 11:11:11:11:11:11 Retransmit 1 of EAP-Request (length 1012) for mobile 11:11:11:11:11:11
*osapiBsnTimer: Nov 21 11:58:33.169: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0

Conditions:
- COS APs that use SW encryption/decryption.
- dot1x security is used.
- WLC CAPWAP fragments the EAPOL Server Hello packets into 3 frames and also sends them out of order.
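
To check a WLC client debug capture for the timeout pattern shown in the symptom, the following Python script groups the relevant lines per client MAC. It is an added example, not Cisco code: the function names, the two-timeout threshold and the placeholder year are assumptions, and the sample input is the debug excerpt from this page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the WLC debug excerpt from this page (MACs are masked there).
SAMPLE = """\
*Dot1x_NW_MsgTask_6: Nov 21 11:57:31.991: 11:11:11:11:11:11 Sending EAP Request from AAA to mobile 11:11:11:11:11:11 (EAP Id 175)
*apfMsConnTask_4: Nov 21 11:58:01.821: 11:11:11:11:11:11 Ignoring received Dissoc frame on AP 11:11:11:11:11:11 slot 1
*osapiBsnTimer: Nov 21 11:58:02.565: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0
*Dot1x_NW_MsgTask_6: Nov 21 11:58:02.565: 11:11:11:11:11:11 Retransmit 1 of EAP-Request (length 1012) for mobile 11:11:11:11:11:11
*osapiBsnTimer: Nov 21 11:58:33.169: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0
"""

LINE = re.compile(r"^\*(?P<task>[^:]+): (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): "
                  r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) (?P<msg>.*)$")
TIMEOUT = re.compile(r"'timeoutEvt' Timer expired .* message = (\w+)")
RETRANS = re.compile(r"Retransmit (\d+) of EAP-Request \(length (\d+)\)")

def summarize(text):
    """Collect EAP timeout evidence per client MAC from WLC client debug output."""
    stations = defaultdict(lambda: {"timeouts": [], "retransmits": 0, "eap_len": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip unrelated or wrapped lines
        st = stations[m["mac"].lower()]
        # The debug output carries no year; 2000 is a placeholder (assumption).
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        if (t := TIMEOUT.search(m["msg"])) and t[1] == "M0":
            st["timeouts"].append(ts)
        elif (r := RETRANS.search(m["msg"])):
            st["retransmits"] = max(st["retransmits"], int(r[1]))
            st["eap_len"] = int(r[2])
    return dict(stations)

def suspects(text, min_timeouts=2):
    """MACs with repeated M0 timeouts and at least one EAP-Request retransmit."""
    return sorted(mac for mac, st in summarize(text).items()
                  if len(st["timeouts"]) >= min_timeouts and st["retransmits"] >= 1)

if __name__ == "__main__":
    for mac in suspects(SAMPLE):
        st = summarize(SAMPLE)[mac]
        gap = (st["timeouts"][-1] - st["timeouts"][0]).total_seconds()
        print(f"{mac}: {len(st['timeouts'])} M0 timeouts over {gap:.1f}s, "
              f"EAP-Request length {st['eap_len']}")
```

A match only shows that the symptom is present in the capture; the conditions listed above still have to be confirmed on the AP and WLC.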