Skip to main content

 

Cisco Meraki Documentation

Continuous WPA Deauthentication Events when using WPA2-PSK

Learn more with these free online training courses on the Meraki Learning Hub:

Sign in with your Cisco SSO or create a free account to start training.

When you configure an SSID to use WPA2-PSK as the Association type in Dashboard, you are required to create a passphrase that is 8 characters or more in length. This passphrase is used for authentication and data encryption. The passphrase is also case sensitive.  

This passphrase can be entered on the wireless client manually as part of a wireless profile configuration or on demand when they attempt to connect to the network using their wireless network utility. If a user is continuously prompted for the passphrase when connecting to an SSID, there is a key mismatch because the user is entering the passphrase incorrectly. Additionally, this could also indicate a Rogue AP performing an SSID spoof where the passphrase is different. You can check the Air Marshal page in Dashboard to see if an SSID spoof is occurring in your wireless environment. 

 

When a key mismatch exists between the connecting device and the AP, Dashboard will log the events below each time the user makes a failed authentication attempt:

Time (PDT) Access point SSID Client Event type Details
May 26 15:08:38 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:08:38 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 301029930
May 26 15:08:35 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 52
May 26 15:04:45 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:04:45 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 166785744
May 26 15:04:42 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 44
May 26 15:03:47 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:03:47 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 264513981
May 26 15:03:44 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 44

 

To remedy this issue, verify the user is entering the passphrase correctly and check for SSID spoofs in Air Marshal. Sometime, the wireless profile on the wireless clients machine may also need to be removed and recreated. 

  • Was this article helpful?