Reset Search



Wireless Clients are disassociated due to 4 Way Handshake Timeout

« Go Back


TitleWireless Clients are disassociated due to 4 Way Handshake Timeout
Wireless Clients are disassociated due to 4 Way Handshake Timeout
  • Summit WM 3000 Controller Series
  • Altitude APs
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG v5.X Softwar
During the WPA/WPA2 handshake an access point waits a defined amount of time (timeout) for a response from the client. If a response is not received, the access point resends the handshake message. This process repeats until a successful handshake is performed or until the maximum number of attempts have been made. Some clients may be slow to respond to WPA handshake messages due to limitations of the device or problems in the RF environment. If the handshake is unsuccessful, the client will be disassociated from the WLAN and the following log message will be seen on the WLAN controller:
2015-03-12 11:51:05     OFFICE-FLOOR-AP2 DOT11      CLIENT_DISASSOCIATED Client '00-AA-BB-CC-DD-EE' disassociated from wlan 'OFFICE-FLOOR-AP' 
radio 'OFFICE-FLOOR-AP2:R2': dot11i 4way handshake timeout (reason code: 15)
Increase the WLAN WPA-WPA2 handshake attempts and timeout values to allow the client to have more time to process and respond to the message.
  1. Check currently set values:
Controller#show running-config include-factory | grep wpa-wpa2
This information should be displayed amongst others:
 wpa-wpa2 handshake timeout 500
 wpa-wpa2 handshake attempts 2
 wpa-wpa2 handshake priority high
  1. Configure the new values:
Controller(config-WLAN-WLAN_NAME)#wpa-wpa2 handshake attempts <MAX_ATTEMPTS>
Controller(config-WLAN-WLAN_NAME)#wpa-wpa2 handshake timeout <1ST_TRY> <2ND> <3RD>...
Example (with suggested values):
wm3400-AABBCC#conf t
wm3400-AABBCC(config)#wlan test
wm3400-AABBCC(config-wlan-test)#wpa-wpa2 handshake attempts 5
wm3400-AABBCC(config-wlan-test)#wpa-wpa2 handshake timeout 200 300 400 500
wm3400-AABBCC(config-wlan-test)#com wr
wm3400-AABBCC(config-wlan-test)#show context
Additional notes
Also, ensure that the client is using the correct PSK, if so configured. The reason for this is that the AP will be waiting for the nonce-value from the client. If the client has the incorrect PSK configured, the nonce-value will be encrypted incorrectly coming from the client--so the AP won't be able to authenticate as it won't be able to read the packet.



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255