Failed connection to SSID during authentication. Reason: reserved

SdotB
Here to help

Failed connection to SSID during authentication. Reason: reserved

Hi,

Has anyone seen this particular error before with users attempting to authenticate to an AP that is using Meraki Cloud Authentication? Some of our BYOD clients fail to authenticate and the history of a particular client will show "Failed connection to SSID during authentication. Reason: reserved" I cannot find any info on this particular error or what it even is referring to.

 

We are running MR46 and MR46E. Just upgraded from MR 27.5.1 → MR 27.6 and the issues persist.

14 REPLIES 14
PhilipDAth
Kind of a big deal
Kind of a big deal

Are they Windows devices?  If so, try updating the WiFi NIC driver.  Often you have to download these from the manufacturers site to get the latest version rather than using the update tool that comes with the machine.

Thanks for the quick reply. Unfortunately these are mostly iPhone and Android devices as they are on a BYOD network using Meraki Cloud Auth. I just can't quite grasp what "Reason: Reserved" means. I have other networks using a  traditional RADIUS auth. (Microsoft NPS) and PSK and don't see this error on those networks.

@SdotB This is a long shot but try disabling private MAC on an iOS device and see if that helps.

 

Not sure if Android have a similar virtual MAC setting. 

Thanks. I'll give that a shot. Android does have a similar feature as well called "MAC randomization" that was introduced in Android 10.  

@SdotB  I would also open a support case, this tpye of error has been seen be a few other community memebrs over the last few weeks. 

I had a end user disable "private MAC" on his iPhone and his connectivity issues have subsided as the system doesn't see him as a new user every day. Still seeing the "reason reserved" in the logs however.

JosipS
Conversationalist

I have reported this same problem to Meraki support a few weeks ago. No progress and I am not expecting one. It is not easy for them to troubleshooting, but it makes no sense that this many users are reporting it.

I am seeing it on all our Meraki networks in deferent GEO location, on different WAN links, using RADIUS/802.1X authentication. RADIUS servers are in the Data Centre. Problem is very intermittent, so not easy to capture. I could see  that Meraki AP is not getting RADIUS response when the Wi-Fi starts dropping. I also see affected SSID showing as low signal from the laptop while being away from it 3 meters while all other broadcasted SSID are full signal. Not sure if I need to indicate that we are seeing this on different Meraki models and firmware, updates didn't fix a thing.

We have had a similar issue with a couple of misconfigured sites.  Turned out to be the mtu setting on the path to the site from radius.  The isp’s kit was configured to a figure below 1473. The first packet would be returned by the radius server but the remaining packets of 1500 size would fail. A quick check is a mtupath tool.  Next time it’s happening try this from either end to confirm if this could be the cause.

Paul_H
Meraki Employee
Meraki Employee

@SdotB While I may not be able to diagnose what is wrong, hopefully this could help you grasp the "Reason:Reserved"! 😉

Reason codes are based on IEEE 802.11-2012 standard and for the wireless LAN management frame parameters. So, when there is a deauth and that deauth meets specific IEEE specifications, that reason code will be reported. However, when that deauth doesn't match, nor meet any of the IEEE defined specifications, the reason will be: "Reserved". (Which admittedly can be a LOT of reasons!)

So, if you were to run a packet capture from the dashboard on the AP and dig into the frames, you'd be able to find the Deauthentication and management frames report that same reason.

My recommendation would be to run a monitor mode capture and then submit that to Meraki Support. A monitor mode capture will be able to hear all the things in the air and not be limited to just want the AP hears. This could help illustrate and/or isolate where to focus your attention.

Instructions for setting up a monitor mode packet capture can be found here: https://documentation.meraki.com/MR/Monitoring_and_Reporting/Capturing_Wireless_Traffic_from_a_Clien... 

Hope that helps!

Hi there, I have the same problems but its limited to windows clients for now.

When i'm trying to connect to the ssid from the network manager of windows pop up's a message that says " Network Error"

and from the dashboard of meraki the error reported is Failed connection to SSID during authentication. Reason Reserved.

I've upgrade manually the nic driver of the wireless card and still got the problem..

 

Can you help me?

Bgammon
Here to help

What wpa encryption mode is in use?

Have seen apple devices struggle when wpa1 and wpa2 is selected.

 

Packet captures should hopefully show some more details of why the client is failing.

The SSID in question is set to "WPA2 only"

thomasthomsen
Head in the Cloud

Any news on this ?

I have just started to see the same thing.

Im having exactly the same issue with some older handscanners, started out the blue with RESERVED messages, not seeing the issue with iphone/ipad/laptops on the same SSID's.  About to raise a support case, this didn't start as part of an upgrade it just started.  I tried upgrading to 27.6 but still the same issues and deauthentication and association failures that we never saw before.  The sites affected are "Template sites" and I believe this has something to do with it and some setting that has change and not propagated correctly in Templates.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels