IoT devices can't authenticate to Meraki APs

Comes here often

IoT devices can't authenticate to Meraki APs

I have an issue at a site which has ~60 IoT devices which are required to be on 24/7. The network has a total of 11 Meraki MR56s (FW version: MR27.5.1), and the network the IoT devices are connected to uses WPA2-PSK authentication. I have about 10 of these 60 devices which either can't connect at all, or connect for only a few minutes a day. The issue seems to be that the client IoT device successfully associates, then tries to authenticate but the authentication times out after 10 seconds (and says 'wlan0: Request to deauthenticate .... reason=3 state=ASSOCIATED'). Additionally, the client device hops around trying to connect to different APs, some which are quite far away. I've verified that passwords and everything are correct. 

We've tried a 5GHz only network, 2.4 GHz only network, replacing devices, setting static IPs, increasing the device DNS resolution timeout (which after further investigation I don't think was relevant). blacklisting certain BSSIDs (which isn't a practical long-term solution), disabling load-balancing, band-steering, and traffic shaping. Bandwidth minimums are on to prevent 802.11b devices, and client device packet captures don't indicate anything unusual that I can see (but I'm not an expert at understanding packet capture data). 

Anyone have any suggestions about how to either pinpoint why authentication is failing or improve performance? 

Kind of a big deal
Kind of a big deal

It sounds like you have done an awful lot of troubleshooting already which is good. I would contact support and ask if they can have a look at your logs as support are able to view logs in a debug fashion as opposed to the informative view end users receive. 

Thanks! Do you happen to know if Meraki support would be able to tell whether or not the AP sent an acknowledgement of the client's authentication request? I think this is the piece I'm missing but unfortunately I'm not the person that deals with Meraki support so I just want to make sure I'm clear on what I'm looking for. 

Head in the Cloud

Meraki support can see much more data  about devices than what the Dashboard shows.


I recommend sending along you posts here including you question about client's authentication request.

Dave Anderson
Kind of a big deal
Kind of a big deal

@ErikaT I'd also upgrade to 27.6 as that fixed some issues in WPA SSID association.  I've upgraded ~100 APs to it and they seem to be working well so far.

Building a reputation

You seem to have done every bit of troubleshooting possible. Let us know what the problem turned out to be if they figure it out...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.