OPERATIONAL DEFECT DATABASE
...
...
AP sending EAP_ID_REQ unencrypted after reassoc req with PMKID and M1-M4 sent by AP with same PMKID WLC logs point PMKID mismatch: Dot11 validate: 4-way key exchange done at AP. Failed to Dot11 validate dot11i pmkids. No matching pmkid for the pmk available in cache
9800 running 17.6.4 with COS-APs flex-connect local-sw central auth dot1x SSID using OKC This is seen with windows clients. Client seems to change from OKC to SKC since it is using old PMKID after new full authentication.
None
Fix integrated as a result of this defect was not complete for AireOS 8.10 train code nor IOS-XE 17.3 train code. For full fix track CSCwf18202.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
