EAPOL key from AP (Message 1 of 4) is responded to with a EAPOL Start

  • 1
  • Question
  • Updated 1 year ago
Hello all...

I have an issue getting some 2.4ghz devices that use gainspan chips to connect via RADIUS PEAP.

Our infrastructure is solid - we are a private school authenticating BYOD devices via Aerohive Radius enabled APs with Active Directory as the back end database. All is well except for these power control devices when programmed for Radius auth.

They actually successfully authenticate the user via PEAP...but when setting up the secured layer 2 connection there after, they never make it past the message 1 of the 4 way handshake.

In reference to this excellent blog outlining the 4 way handshake process, 


The AP sends it's EAPOL key frame containing the ANonce (message 1 of 4) - see attached capture pic

The supplicant device then responds not with it's EAPOL key and SNonce, but with a EAPOL Start request - (see attached)... The user has already authenticated previously so this is not the expected response.

Then the AP proceeds to request the Identity from the gainspan -- and it doesn't repsond- at this point...it just loops back through the process again- the gainspan probe requests etc looking for an AP to associate with.

Anybody that could shed some light, it would be much appreciated- !


Photo of Dennis Topo Jr

Dennis Topo Jr

  • 8 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1

Be the first to post a reply!