diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 5f1c9e04e..e8e504af5 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
 {
 	SM_ENTRY(EAP, INITIALIZE);
 	if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
-	    sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
+	    sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
+	    !sm->prev_failure) {
 		wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
 			   "fast reauthentication");
 		sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
@@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
 	eapol_set_bool(sm, EAPOL_eapResp, FALSE);
 	eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
 	sm->num_rounds = 0;
+	sm->prev_failure = 0;
 }
 
 
@@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
 
 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
 		"EAP authentication failed");
+
+	sm->prev_failure = 1;
 }
 
 
diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h
index 4b7029ee5..e7c826ee8 100644
--- a/src/eap_peer/eap_i.h
+++ b/src/eap_peer/eap_i.h
@@ -333,6 +333,8 @@ struct eap_sm {
 	int force_disabled;
 
 	struct wps_context *wps;
+
+	int prev_failure;
 };
 
 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);