wpa error message

Bryan Kadzban bryan at kadzban.is-a-geek.net
Sat Nov 5 21:39:15 EST 2005

Shawn Adams wrote:
> Can anyone tell me what the following error message means:
> RX EAPOL from 00:20:d8:03:8a:bc
> EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
> IEEE 802.1X RX: version=1 type=3 length=108
>   EAPOL-Key type=254
> WPA: EAPOL-Key Replay Counter did not increase - dropping packet

Probably the supplicant not being notified that the connection dropped
and came back, but possibly a bug in your AP -- depending on when this

The replay counter that it's talking about is a 64-bit value in the
EAPOL-Key frame, which is used to make sure the supplicant only sees one
copy of each EAPOL-Key frame.  If it sees 2 frames with a replay counter
value that doesn't increment, it knows that the last one is a duplicate,
and drops it.

The replay counter is supposed to reset to 0 in the AP and on the client
on every association or reassociation.

I got output similar to that when using Cisco APs and the windows port
of wpa_supplicant -- I wasn't running ndis_events, so association events
weren't being reported to wpa_supplicant, so it was seeing what it
thought was a repeated replay counter value.  (Because the AP reset the
counter on the STA's reassociation, but the supplicant didn't know it
had reassociated, so it didn't reset its counter.)

So if you're running this on Windows, make sure that ndis_events is
running.  If you're running it on Linux, then make sure that however
your backend driver (wext?) reports associations/reassociations is
actually getting through to the supplicant.

Also, when does it happen?  When the AP's radio resets perhaps, or at
some other point where a reassociation should be happening?  And what's
the value of the replay counter in the dropped frame?  (-dd will show
you packet dumps of everything except keys, so that would be one way to
find out.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20051105/579bd478/attachment.pgp 

More information about the HostAP mailing list