IOS - Invalid_PMKID

RaphaelL
Kind of a big deal
Kind of a big deal

IOS - Invalid_PMKID

Hi, 

 

We have recently configured a SSID using 802.1X and 802.11r is enabled. 

 

Upon looking at all the connection logs and keeping an eye on the Wireless Health , I have been able to observe that we are now having lots of events of that type :

 

auth_mode='wpa2-802.1x' ft='1' reason='invalid_pmkid' radio='1' vap='0' channel='40' rssi='36'

 

We are using MR36 and the firmware version tested are 27.7.1 and 28.5.

 

Most of these logs are from mobile IOS devices running IOS 12+++. Dashboard says the devices are 802.11r capable.

 

1- Do you think that 802.11r in adaptive mode will help ?

2- I have noticed that 28.6 seems to have fixed issues with pmk , I might try that one. 

 

Has anyone come across that ?

 

Thanks , 

9 Replies 9
RaphaelL
Kind of a big deal
Kind of a big deal

Bumping my thread. Any Wifi guru here ?  

 

28.6 didn't ''fix'' this issue. Some phones are OK , some are plagued with that error

 

Thanks ,

WB
Building a reputation

Have you tried running 802.11r in adaptive mode as originally proposed? This was something created between Cisco & Apple so iPhones should support that with no issues

RaphaelL
Kind of a big deal
Kind of a big deal

Currently testing it. I'm on a 3 weeks vacation so I will have to follow up that issue when I come back. Will keep this thread updated

 

jmaxwellUSAF
Here to help

Hi folks. This issue is especially seen in Apple devices. I can tell you that in the past I have fixed this symptom by upgrading the firmware in the endpoint devices. 

 

Hope this helps.

 

-J. Maxwell, CCNP Enterprise

RaphaelL
Kind of a big deal
Kind of a big deal

Still no luck with 28.6 nor 28.6.1 ( the code is identical to 28.6 ) Going to test 29.1 soon.. 

ESMichal
Here to help

We are seeing the same issue on our network with Macs (Everything up-to-date Monterey). Some of them use 802.11r without an issue but with others we see quite a lot `invalid_pmkid` errors in Meraki connection log.

RaphaelL
Kind of a big deal
Kind of a big deal

Hi ! 

 

Have you tried messing with 802.11r ? Enabled , Adaptive ?

ESMichal
Here to help

We have it set to enabled. We observe PMKID errors mostly with first gen M1 machines which should support 802.11r.

RaphaelL
Kind of a big deal
Kind of a big deal

We currently only have iphones and ipads. I will have to try to set it to adaptive.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels