802.11 Association Status, 802.11 Deauth Reason codes

Saravanan Lakshmanan · ‎05-17-2013

Introduction

802.11 Association Status Codes

Code	802.11 definition	Explanation
0	Successful
1	Unspecified failure	For example : when there is no ssid specified in an association request
10	Cannot support all requested capabilities in the Capability Information field	Example Test: Reject when privacy bit is set for WLAN not requiring security
11	Reassociation denied due to inability to confirm that association exists	NOT SUPPORTED
12	Association denied due to reason outside the scope of this standard	Example : When controller receives assoc from an unknown or disabled SSID
13	Responding station does not support the specified authentication algorithm	For example, MFP is disabled but was requested by the client.
14	Received an Authentication frame with authentication transaction sequence number out of expected sequence	If the authentication sequence number is not correct.
15	Authentication rejected because of challenge failure
16	Authentication rejected due to timeout waiting for next frame in sequence
17	Association denied because AP is unable to handle additional associated stations	Will happen if you run out of AIDs on the AP; so try associating a large number of stations.
18	Association denied due to requesting station not supporting all of the data rates in the BSSBasicRateSet parameter	Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.
19	Association denied due to requesting station not supporting the short preamble option	NOT SUPPORTED
20	Association denied due to requesting station not supporting the PBCC modulation option	NOT SUPPORTED
21	Association denied due to requesting station not supporting the Channel Agility option	NOT SUPPORTED
22	Association request rejected because Spectrum Management capability is required	NOT SUPPORTED
23	Association request rejected because the information in the Power Capability element is unacceptable	NOT SUPPORTED
24	Association request rejected because the information in the Supported Channels element is unacceptable	NOT SUPPORTED
25	Association denied due to requesting station not supporting the Short Slot Time option	NOT SUPPORTED
26	Association denied due to requesting station not supporting the DSSS-OFDM option	NOT SUPPORTED
27-31	Reserved	NOT SUPPORTED
32	Unspecified, QoS-related failure	NOT SUPPORTED
33	Association denied because QAP has insufficient bandwidth to handle another QSTA	NOT SUPPORTED
34	Association denied due to excessive frame loss rates and/or poor conditions on current operating channel	NOT SUPPORTED
35	Association (with QBSS) denied because the requesting STA does not support the QoS facility	If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.
36	Reserved in 802.11	This is used in our code ! There is no blackbox test for this status code.
37	The request has been declined	This is not used in assoc response; ignore
38	The request has not been successful as one or more parameters have invalid values	NOT SUPPORTED
39	The TS has not been created because the request cannot be honored; however, a suggested TSPEC is provided so that the initiating QSTA may attempt to set another TS with the suggested changes to the TSPEC	NOT SUPPORTED
40	Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7	Sent when Aironet IE is not present for a CKIP WLAN
41	Invalid group cipher	Used when received unsupported Multicast 802.11i OUI Code
42	Invalid pairwise cipher
43	Invalid AKMP
44	Unsupported RSN information element version	If you put anything but version value of 1, you will see this code.
45	Invalid RSN information element capabilities	If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.
46	Cipher suite rejected because of security policy	NOT SUPPORTED
47	The TS has not been created; however, the HC may be capable of creating a TS, in response to a request, after the time indicated in the TS Delay element	NOT SUPPORTED
48	Direct link is not allowed in the BSS by policy	NOT SUPPORTED
49	Destination STA is not present within this QBSS	NOT SUPPORTED
50	The Destination STA is not a QSTA	NOT SUPPORTED
51	Association denied because the ListenInterval is too large	NOT SUPPORTED
200 (0xC8)	Unspecified, QoS-related failure. Not defined in IEEE, defined in CCXv4	Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.
201 (0xC9)	TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code. Not defined in IEEE, defined in CCXv4	This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.
202 (0xCA)	Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only. Not defined in IEEE, defined in CCXv4
203 (0xCB)	Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion. Not defined in IEEE, defined in CCXv4	This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

802.11 Deauth Reason Codes

When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

Code	802.11 definition	Explanation
0	Reserved	NOT SUPPORTED
1	Unspecified reason	TBD
2	Previous authentication no longer valid	NOT SUPPORTED
3	station is leaving (or has left) IBSS or ESS	NOT SUPPORTED
4	Disassociated due to inactivity	Do not send any data after association;
5	Disassociated because AP is unable to handle all currently associated stations	TBD
6	Class 2 frame received from nonauthenticated station	NOT SUPPORTED
7	Class 3 frame received from nonassociated station	NOT SUPPORTED
8	Disassociated because sending station is leaving (or has left) BSS	TBD
9	Station requesting (re)association is not authenticated with responding station	NOT SUPPORTED
10	Disassociated because the information in the Power Capability element is unacceptable	NOT SUPPORTED
11	Disassociated because the information in the Supported Channels element is unacceptable	NOT SUPPORTED
12	Reserved	NOT SUPPORTED
13	Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7	NOT SUPPORTED
14	Message integrity code (MIC) failure	NOT SUPPORTED
15	4-Way Handshake timeout	NOT SUPPORTED
16	Group Key Handshake timeout	NOT SUPPORTED
17	Information element in 4-Way Handshake different from (Re)Association Request/Probe Response/Beacon frame	NOT SUPPORTED
18	Invalid group cipher	NOT SUPPORTED
19	Invalid pairwise cipher	NOT SUPPORTED
20	Invalid AKMP	NOT SUPPORTED
21	Unsupported RSN information element version	NOT SUPPORTED
22	Invalid RSN information element capabilities	NOT SUPPORTED
23	IEEE 802.1X authentication failed	NOT SUPPORTED
24	Cipher suite rejected because of the security policy	NOT SUPPORTED
25-31	Reserved	NOT SUPPORTED
32	Disassociated for unspecified, QoS-related reason	NOT SUPPORTED
33	Disassociated because QAP lacks sufficient bandwidth for this QSTA	NOT SUPPORTED
34	Disassociated because excessive number of frames need to be acknowledged, but are not acknowledged due to AP transmissions and/or poor channel conditions	NOT SUPPORTED
35	Disassociated because QSTA is transmitting outside the limits of its TXOPs	NOT SUPPORTED
36	Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)	NOT SUPPORTED
37	Requested from peer QSTA as it does not want to use the mechanism	NOT SUPPORTED
38	Requested from peer QSTA as the QSTA received frames using the mechanism for which a setup is required	NOT SUPPORTED
39	Requested from peer QSTA due to timeout	NOT SUPPORTED
40	Peer QSTA does not support the requested cipher suite	NOT SUPPORTED
46-65535	46--65 535 Reserved	NOT SUPPORTED
98	Cisco defined	TBD
99	Cisco defined Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc	Example: Send a Deauth to the AP with the reason code to be invalid, say zero

George Stefanick · ‎05-20-2013

+5

Saravanan Lakshmanan · ‎05-20-2013

Thanks George, and also your AVC SR takencare as well some days ago I'm on documenting that info to make available in cco. Keep asking hard and challenging questions as always!!!

George Stefanick · ‎05-20-2013

Thanks Saravanan. You do good work and keep the forum updated in the documentation section. Keep up the efforts my friend.

I dont know if you have time, but I think having a TAC engineer outline what they look at in a client debug would be very helpful to the community.

Saravanan Lakshmanan · ‎05-20-2013

'client debug' - Suppose to have this done long time ago by Cisco, the thing is it takes enormous effort to cover most of the common/interoperability scenarios to have a good outlook, particularly tried to develop a tool using scripts that will throw the result when copy/paste the debug client output to it, Will keep that in mind and i may try to follow up with you on email regards to this one to cover common scenarios.

George Stefanick · ‎05-20-2013

Thanks

Daniel McDavid · ‎05-20-2013

I second that. Good idea.

Leo Laohoo · ‎05-29-2013

Nice one, Saravanan. +5

Andrew Grech · ‎06-18-2013

Hi Saravanan, What is an AID?

Association denied because AP is unable to handle additional associated stations

Will happen if you run out of AIDs on the AP; so try associating a large number of stations.

I always thought this was aggressive load balancing.

Thanks

stefan.angerer · ‎06-18-2013

@Andrew: AID stands for Associantion ID - a unique number, given by the AP to the client after a successful association.

hth

Stefan

Saravanan Lakshmanan · ‎12-28-2013

guess there are 255 AIDs per AP radio or bssid, i am unsure. if all AIDs are used up then new client cannot associate on that radio. resetting the AP should fix it.

George Stefanick · ‎12-29-2013

Standard 802.11_2012 section 8.4.1.8 states aid value is 1-2007 ..

Saravanan Lakshmanan · ‎12-30-2013

I agree with you , however cisco using 256 AID, ie from 0 to 255. The below bug reflects the same as proof.

https://tools.cisco.com/bugsearch/bug/CSCtn52948

%LWAPP-3-INVALID_AID2: spam_api.c:1068 Association identifier 1 for client 00:26:5e:00:00:00 is already in use by 78:e4:00:00:00:00

%LWAPP-3-MAX_AID2: spam_api.c:1047 Reached max limit on the association ID for AP (max association ID 256)

George Stefanick · ‎12-30-2013

Nice .. I need to ask, you fired up the lab and found 257 devices to connect ?

Saravanan Lakshmanan · ‎12-30-2013

(No, in the past i used to work with those wlan simulated hardware/tools, it was fun .)

The no. 256 is still an fiction and never used all of them by AP, the actual AID used is only 200 per AP Radio. (The above bug was used as an Ex: to show what does the upper limit look like.)

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1667427

Kamaljeet Singh · ‎07-22-2014

Thank you for this post and the other one;

https://supportforums.cisco.com/document/12164036/how-decode-what-datarates-used-wireless-client-obtained-debug-client#comment-9838461

Using knowledge given in these 2 posts will help in resolving lots of issues.

Regards,

Kamal