Cisco Bug: CSCvs19137 - Authentication failure EAP timeout on a Cisco 1852 AP with data DTLS encryption enabled
May 29, 2020
- Cisco Aironet 1850 Series Access Points
Known Affected Releases
Symptom: - Dot1x clients will not be able to join on an 1852 AP - 1700/2700/3700 are not facing the issue - EAP timeout messages will be reported in the WLC debugs *Dot1x_NW_MsgTask_6: Nov 21 11:57:31.991: 11:11:11:11:11:11 Sending EAP Request from AAA to mobile 11:11:11:11:11:11 (EAP Id 175) *apfMsConnTask_4: Nov 21 11:58:01.821: 11:11:11:11:11:11 Ignoring received Dissoc frame on AP 11:11:11:11:11:11 slot 1 *osapiBsnTimer: Nov 21 11:58:02.565: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0 *Dot1x_NW_MsgTask_6: Nov 21 11:58:02.565: 11:11:11:11:11:11 Retransmit 1 of EAP-Request (length 1012) for mobile 11:11:11:11:11:11 *osapiBsnTimer: Nov 21 11:58:33.169: 11:11:11:11:11:11 802.1x 'timeoutEvt' Timer expired for station 11:11:11:11:11:11 and for message = M0 Conditions: - COS APs which uses SW encryption/decryptions. - dot1x security used - WLC, CAPWAP fragments the EAPOL Server hello packets into 3 frames and Also,it sends in out of order.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases