Station blocked by key handshake fail right before connected (intra roaming) - normal behavior?

Options
mun
mun Posts: 3 image  Freshman Member
First Comment
in Wireless

Every intra roaming (e.g. 2.4>5GHz) goes like this (log, reverse order):

31 2025-11-05 17:21:29
notice wlan IEEE 802.11
Station: 12:34:56:78:9a:be connected on Channel: 36, SSID: MyWifi, 5GHz, Signal: -66dBm, Interface: wlan-2-1

32 2025-11-05 17:21:28
notice wlan IEEE 802.11
Station: 12:34:56:78:9a:be blocked by key handshake fail on Channel: 36, SSID: MyWifi, 5GHz, Signal: -127dBm, Download/Upload: 0Bytes/0Bytes, reason 2, Interface: wlan-2-1

33 2025-11-05 17:21:28
notice wlan IEEE 802.11
Station: 12:34:56:78:9a:be deauthenticated by key handshake fail

34 2025-11-05 17:21:28
notice wlan IEEE 802.11
Station: 12:34:56:78:9a:be disconnected by Intra Roaming on Channel: 1, SSID: MyWifi, 2.4GHz, Signal: -64dBm, Download/Upload: 46KB/12KB, reason 109, Interface: wlan-1-1

Please, is this normal/expected behavior or is there some roaming misconfiguration etc.? Standalone setup, 802.11k/v enabled on all APs and stations. Roaming from a different AP seems normal:

6 2025-11-06 07:06:51
notice sta-roaming
STA roamed. MAC:12:34:56:78:9A:BE, From: AB:CD:EF:01:23:45, To: AB:CD:EF:01:23:67, SSID:MyWifi

7 2025-11-06 07:06:51
notice wlan IEEE 802.11
Station: 12:34:56:78:9a:be connected on Channel: 36, SSID: MyWifi, 5GHz, Signal: -62dBm, Interface: wlan-2-1

All Replies

  • Zyxel_Lynn
    Zyxel_Lynn Posts: 101 image  Zyxel Employee
    5 Answers First Comment Friend Collector
    edited November 10

    Hi @mun,

    It seems that your client is undergoing unusual intra-roaming behavior. Under normal intra-roaming situations, a client would first establish a connection to the new band (e.g., 5GHz) before disconnecting from the previously connected band (e.g., 2.4GHz).

    However, your logs indicate an abnormal pattern:

    1. Station: 12:34:56:78:9a:be disconnected by Intra Roaming on Channel: 1
    2. Blocked by key handshake fail
    3. Deauthenticated by key handshake fail
    4. Station connected on Channel: 36

    This sequence-where handshake failures occur immediately after an intra-roaming disconnect-is not consistent with standard roaming behavior.

    Typically, key handshake failures typically occur due to the reasons such as incorrect password, network interference, or insufficient signal strength from the AP.

    By examining the log ‘Station: 12:34:56:78:9a:be blocked by key handshake fail on Channel: 36, SSID: MyWifi, 5GHz, Signal: -127dBm’, the signal strength stands out as critically weak. A signal of -127dBm is extremely poor and insufficient for maintaining a stable connection or completing the authentication handshake.

    Hence, we can suggest that the handshake failure is most likely caused by insufficient signal strength at the 5GHz AP or the possible RF interference in the environment.

    To properly diagnose and resolve this issue, could you please provide the diagnostic report for this AP? This will help us identify whether the problem stems from the weak signal strength of the AP or the other factors.

    Thank you for your cooperation.

    Best Regards,

    Lynn

  • mun
    mun Posts: 3 image  Freshman Member
    First Comment

    Thank you for the reply. I guess the -127dBm value is not a real one when after a second it says -66 dBm. Channel utilization is like 1%. I've tried to collect the diagnostic info but it contained too much sensitive data to post here so I guess I'll just live with it…

Categories

Wireless Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)