Home > Wireless LAN > Encryption and Authentication > Continuous WPA Deauthentication Events when using WPA2-PSK

Continuous WPA Deauthentication Events when using WPA2-PSK

Table of contents
No headers

When you configure an SSID to use WPA2-PSK as the Association type in Dashboard, you are required to create a passphrase that is 8 characters or more in length. This passphrase is used for authentication and data encryption. The passphrase is also case sensitive.  

This passphrase can be entered on the wireless client manually as part of a wireless profile configuration or on demand when they attempt to connect to the network using their wireless network utility. If a user is continuously prompted for the passphrase when connecting to an SSID, there is a key mismatch because the user is entering the passphrase incorrectly. Additionally, this could also indicate a Rogue AP performing an SSID spoof where the passphrase is different. You can check the Air Marshal page in Dashboard to see if an SSID spoof is occurring in your wireless environment. 

 

When a key mismatch exists between the connecting device and the AP, Dashboard will log the events below each time the user makes a failed authentication attempt:

Time (PDT) Access point SSID Client Event type Details
May 26 15:08:38 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:08:38 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 301029930
May 26 15:08:35 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 52
May 26 15:04:45 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:04:45 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 166785744
May 26 15:04:42 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 44
May 26 15:03:47 00:18:0a:00:00:01 101 IPAD2 802.11 disassociation previous authentication expired
May 26 15:03:47 00:18:0a:00:00:01 101 IPAD2 WPA deauthentication vap: 0, radio: 1, aid: 264513981
May 26 15:03:44 00:18:0a:00:00:01 101 IPAD2 802.11 association channel: 36, rssi: 44

 

To remedy this issue, verify the user is entering the passphrase correctly and check for SSID spoofs in Air Marshal. Sometime, the wireless profile on the wireless clients machine may also need to be removed and recreated. 

You must to post a comment.
Last modified
12:01, 3 Mar 2015

Tags

Classifications

This page has no classifications.

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community