Can one STA with EAPOL errors make hostapd drop all clients?

Rafał Miłecki zajec5
Mon May 25 01:17:06 PDT 2015

On 25 May 2015 at 10:03, Krishna Chaitanya <chaitanya.mgit at> wrote:
> On Mon, May 25, 2015 at 10:48 AM, Rafa? Mi?ecki <zajec5 at> wrote:
>> I'm experimenting with various drivers and during my tests I got a
>> faulty STA. It experiences some Michael failures which causes
>> wpa_supplicant sending EAPOL errors to AP.
>> What bothers me is that hostapd drops all STAs after getting the
>> second "EAPOL-Key Error Request". Instead of just dealing with faulty
>> STA it breaks connectivity for all other users. Moreover they can't
>> re-connect for some reason until I disable faulty STA and wait few
>> minutes.
> This is expected as per spec, 2 Michael failures and AP should de-authenticate
> all STA's. For cross checking, you can try CCMP instead of TKIP?

Thanks for info, nice to know. Looks like a spec-approved easy to way
to sabotage an AP ;) You're right about encryption, this problem
occurs with TKIP only.

Any idea why my "good" STA can't reconnect after this action? I mean
these associated/disassociated/unauthorizing port logs in hostapd.
Unfortunately I didn't grab corresponding wpa_supplicant logs, but I
can try later if that helps.


More information about the Hostap mailing list