cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385692
Views
106
Helpful
26
Comments
Saravanan Lakshmanan
Cisco Employee
Cisco Employee

     

     

    Introduction

    802.11 Association Status, 802.11 Deauth Reason codes

    802.11 Association Status Codes

    Code

    802.11 definition

    Explanation

    0

    Successful

     

    1

    Unspecified failure

    For example : when there is no ssid specified in an association request

    10

    Cannot support all requested capabilities in the Capability Information field

    Example Test: Reject when privacy bit is set for WLAN not requiring security

    11

    Reassociation denied due to inability to confirm that association exists

    NOT SUPPORTED

    12

    Association denied due to reason outside the scope of this standard

    Example : When controller receives assoc from an unknown or disabled SSID

    13

    Responding station does not support the specified authentication algorithm

    For example, MFP is disabled but was requested by the client.

    14

    Received an Authentication frame with authentication transaction sequence number
    out of expected sequence

    If the authentication sequence number is not correct.

     

    15

    Authentication rejected because of challenge failure

     

    16

    Authentication rejected due to timeout waiting for next frame in sequence

     

    17

    Association denied because AP is unable to handle additional associated stations

    Will happen if you run out of AIDs on the AP; so try associating a large number of stations.

    18

    Association denied due to requesting station not supporting all of the data rates in the
    BSSBasicRateSet parameter

    Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.

    19

    Association denied due to requesting station not supporting the short preamble
    option

    NOT SUPPORTED

    20

    Association denied due to requesting station not supporting the PBCC modulation
    option

    NOT SUPPORTED

    21

    Association denied due to requesting station not supporting the Channel Agility
    option

    NOT SUPPORTED

    22

    Association request rejected because Spectrum Management capability is required

    NOT SUPPORTED

    23

    Association request rejected because the information in the Power Capability
    element is unacceptable

    NOT SUPPORTED

    24

    Association request rejected because the information in the Supported Channels
    element is unacceptable

    NOT SUPPORTED

    25

    Association denied due to requesting station not supporting the Short Slot Time
    option

    NOT SUPPORTED

    26

    Association denied due to requesting station not supporting the DSSS-OFDM option

    NOT SUPPORTED

    27-31

    Reserved

    NOT SUPPORTED

    32

    Unspecified, QoS-related failure

    NOT SUPPORTED

    33

    Association denied because QAP has insufficient bandwidth to handle another
    QSTA

    NOT SUPPORTED

    34

    Association denied due to excessive frame loss rates and/or poor conditions on current
    operating channel

    NOT SUPPORTED

    35

    Association (with QBSS) denied because the requesting STA does not support the
    QoS facility

    If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.

    36

    Reserved in 802.11

    This is used in our code ! There is no blackbox test for this status code.

    37

    The request has been declined

    This is not used in assoc response; ignore

    38

    The request has not been successful as one or more parameters have invalid values

    NOT SUPPORTED

    39

    The TS has not been created because the request cannot be honored; however, a suggested
    TSPEC is provided so that the initiating QSTA may attempt to set another TS
    with the suggested changes to the TSPEC

    NOT SUPPORTED

    40

    Invalid information element, i.e., an information element defined in this standard for
    which the content does not meet the specifications in Clause 7

    Sent when Aironet IE is not present for a CKIP WLAN

    41

    Invalid group cipher

    Used when received unsupported Multicast 802.11i OUI Code

    42

    Invalid pairwise cipher

     

    43

    Invalid AKMP

     

    44

    Unsupported RSN information element version

    If you put anything but version value of 1, you will see this code.

    45

    Invalid RSN information element capabilities

    If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.

    46

    Cipher suite rejected because of security policy

    NOT SUPPORTED

    47

    The TS has not been created; however, the HC may be capable of creating a TS, in
    response to a request, after the time indicated in the TS Delay element

    NOT SUPPORTED

    48

    Direct link is not allowed in the BSS by policy

    NOT SUPPORTED

    49

    Destination STA is not present within this QBSS

    NOT SUPPORTED

    50

    The Destination STA is not a QSTA

    NOT SUPPORTED

    51

    Association denied because the ListenInterval is too large

    NOT SUPPORTED

    200
    (0xC8)

     

    Unspecified, QoS-related failure.
    Not defined in IEEE, defined in CCXv4

    Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.

    201
    (0xC9)

    TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code.
    Not defined in IEEE, defined in CCXv4

    This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.

    202
    (0xCA)

    Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only.
    Not defined in IEEE, defined in CCXv4

     

    203
    (0xCB)

    Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.

    Not defined in IEEE, defined in CCXv4

    This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

    802.11 Deauth Reason Codes

    When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

    Code802.11 definitionExplanation
    0ReservedNOT SUPPORTED
    1Unspecified reasonTBD
    2Previous authentication no longer validNOT SUPPORTED
    3station is leaving (or has left) IBSS or ESSNOT SUPPORTED
    4Disassociated due to inactivityDo not send any data after association;
    5Disassociated because AP is unable to handle all currently associated stationsTBD
    6Class 2 frame received from nonauthenticated station

     

    NOT SUPPORTED
    7Class 3 frame received from nonassociated stationNOT SUPPORTED
    8Disassociated because sending station is leaving (or has left) BSSTBD
    9Station requesting (re)association is not authenticated with responding stationNOT SUPPORTED
    10Disassociated because the information in the Power Capability element is unacceptableNOT SUPPORTED
    11Disassociated because the information in the Supported Channels element is unacceptableNOT SUPPORTED
    12ReservedNOT SUPPORTED
    13Invalid information element, i.e., an information element defined in this standard for
    which the content does not meet the specifications in Clause 7
    NOT SUPPORTED
    14Message integrity code (MIC) failureNOT SUPPORTED
    154-Way Handshake timeoutNOT SUPPORTED
    16Group Key Handshake timeoutNOT SUPPORTED
    17Information element in 4-Way Handshake different from (Re)Association Request/Probe
    Response/Beacon frame
    NOT SUPPORTED
    18Invalid group cipherNOT SUPPORTED
    19Invalid pairwise cipherNOT SUPPORTED
    20Invalid AKMPNOT SUPPORTED
    21Unsupported RSN information element versionNOT SUPPORTED
    22Invalid RSN information element capabilitiesNOT SUPPORTED
    23IEEE 802.1X authentication failedNOT SUPPORTED
    24Cipher suite rejected because of the security policyNOT SUPPORTED
    25-31ReservedNOT SUPPORTED
    32Disassociated for unspecified, QoS-related reasonNOT SUPPORTED
    33Disassociated because QAP lacks sufficient bandwidth for this QSTANOT SUPPORTED
    34Disassociated because excessive number of frames need to be acknowledged, but are not
    acknowledged due to AP transmissions and/or poor channel conditions
    NOT SUPPORTED
    35Disassociated because QSTA is transmitting outside the limits of its TXOPsNOT SUPPORTED
    36Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)NOT SUPPORTED
    37Requested from peer QSTA as it does not want to use the mechanismNOT SUPPORTED
    38Requested from peer QSTA as the QSTA received frames using the mechanism for which
    a setup is required
    NOT SUPPORTED
    39Requested from peer QSTA due to timeoutNOT SUPPORTED
    40Peer QSTA does not support the requested cipher suiteNOT SUPPORTED
    46-6553546--65 535 ReservedNOT SUPPORTED
    98Cisco definedTBD
    99Cisco defined
    Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc
    Example: Send a Deauth to the AP with the reason code to be invalid, say zero

     

    Comments
    George Stefanick
    VIP Alumni
    VIP Alumni

    +5

    Saravanan Lakshmanan
    Cisco Employee
    Cisco Employee

    Thanks George, and also your AVC SR takencare as well some days ago I'm on documenting that info to make available in cco. Keep asking hard and challenging questions as always!!!

    George Stefanick
    VIP Alumni
    VIP Alumni

    Thanks Saravanan. You do good work and keep the forum updated in the documentation section. Keep up the efforts my friend.

    I dont know if you have time, but I think having a TAC engineer outline what they look at in a client debug would be very helpful to the community.

    Saravanan Lakshmanan
    Cisco Employee
    Cisco Employee

    'client debug' - Suppose to have this done long time ago by Cisco, the thing is it takes enormous effort to cover most of the common/interoperability scenarios to have a good outlook, particularly tried to develop a tool using scripts that will throw the result when copy/paste the debug client output to it, Will keep that in mind and i may try to follow up with you on email regards to this one to cover common scenarios.

    George Stefanick
    VIP Alumni
    VIP Alumni

    Thanks

    Daniel McDavid
    Level 1
    Level 1

    I second that. Good idea.

    Leo Laohoo
    Hall of Fame
    Hall of Fame

    Nice one, Saravanan.  +5

    Andrew Grech
    Level 1
    Level 1

    Hi Saravanan, What is an AID?

    Association denied because AP is unable to handle additional associated stationsWill happen if you run out of AIDs on the AP; so try associating a large number of stations.

    I always thought this was aggressive load balancing.

    Thanks

    stefan.angerer
    Level 1
    Level 1

    @Andrew: AID stands for Associantion ID - a unique number, given by the AP to the client after a successful association.

    hth

    Stefan

    Saravanan Lakshmanan
    Cisco Employee
    Cisco Employee

    guess there are 255 AIDs per AP radio or bssid, i am unsure. if all AIDs are used up then new client cannot associate on that radio. resetting the AP should fix it.

    George Stefanick
    VIP Alumni
    VIP Alumni

    Standard 802.11_2012  section 8.4.1.8 states aid value is 1-2007 ..

    Saravanan Lakshmanan
    Cisco Employee
    Cisco Employee

    I agree with you , however cisco using 256 AID, ie from 0 to 255. The below bug reflects the same as proof.

    https://tools.cisco.com/bugsearch/bug/CSCtn52948

    %LWAPP-3-INVALID_AID2: spam_api.c:1068 Association identifier 1 for client 00:26:5e:00:00:00 is already in use by 78:e4:00:00:00:00

    %LWAPP-3-MAX_AID2: spam_api.c:1047 Reached max limit on the association ID for AP (max association ID 256)
    George Stefanick
    VIP Alumni
    VIP Alumni

    Nice .. I need to ask, you fired up the lab and found 257 devices to connect ?

    Saravanan Lakshmanan
    Cisco Employee
    Cisco Employee

    (No, in the past i used to work with those wlan simulated hardware/tools, it was fun .)

    The no. 256 is still an fiction and never used all of them by AP, the actual AID used is only 200 per AP Radio. (The above bug was used as an Ex: to show what does the upper limit look like.)

    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1667427

    Kamaljeet Singh
    Level 1
    Level 1

    Thank you for this post and the other one;

    https://supportforums.cisco.com/document/12164036/how-decode-what-datarates-used-wireless-client-obtained-debug-client#comment-9838461

     

    Using knowledge given in these 2 posts will help in resolving lots of issues.

     

    Regards,

    Kamal

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: