Clients can not connect : Reason (Code 102) EAPoL handshake error

Seeger
Here to help

Clients can not connect : Reason (Code 102) EAPoL handshake error

Hi,

i have Clients that cant cconect any more (previosly well connected) this happens perodicly.
in the timeline and event Log is see Messages like:

client XXXXX had a failed connection to SSID YYYYYY on access point ap27 during authentication. Meraki Reason (Code 102) EAPoL handshake error

This is not depending on the Client. Other Clients with the same PSK (using Identity PSK without RADIUS) allso can not log in any more with this PSK once the first time message hase show up..

Rebooting the AP or waiting 2-6h fixes the Problem.

Hase anyone seen this or can give a hint why this may happen ?

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

Is the 802.11r enabled?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Seeger
Here to help

Yes, 802.11r is on. But it was my first guess the Problem remains with 802.11r off (First Test).
Band Steering and Client Balacing is allso on.

GIdenJoe
Kind of a big deal
Kind of a big deal

Your AP's are storing all the PSK's and doing the brute force on each key to be able to come to the correct one to continue the 4 way handshake.  If you are getting issues with certain clients using key 1 and other clients using the same key don't have the issue you could be running into a bug on the AP and maybe you should retry after rebooting the AP.  Maybe check if you have a recent update.

Seeger
Here to help

All users have its own unique PSK (using Identity PSK without RADIUS).
It is not client dependend a Test device allso cant log in any more.
The same Device on other SSID Can log in to the AP at the same time witout Problem.
Version is the latest i can install MR 30.5. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels