syslog: disassociation reason

Solved
Shoichi
Conversationalist

syslog: disassociation reason

Hi,

 

When I look at the wireless syslog, it looks several types of reasons exist for the disassociation event. See below examples.  Can you give a short description about each number of the reasons ?  At least, I got 2, 3, 6, 8, 15, 23, and 34.

 

2023-06-26 00:18:07.319045 1687706287.319044786 MR36_xxx events type=disassociation radio='0' vap='1' client_mac='46:C4:0C:xx:xx:xx' band='2' channel='1' reason='23' da_vendor='none' duration='10.080828475' auth_neg_failed='1' is_8021x='1' identity='anonymous@apple.openroaming.net' aid='108276xxxx'

 

2023-06-26 00:30:02.894287 1687707002.894287393 MR36_xxx events type=disassociation radio='0' vap='1' client_mac='46:C4:0C:xx:xx:xx' band='2' channel='1' reason='8' da_vendor='apple' da_reason='3' da_subreason='0' instigator='2' duration='6.292869157' auth_neg_failed='1' is_8021x='1' identity='anonymous@apple.openroaming.net' aid='82611xxxx'

1 Accepted Solution
Madhan_kumar_G
Getting noticed

Hi,

 

802.11 Association Status, 802.11 Deauth Reason codes

802.11 Association Status Codes

Code

802.11 definition

Explanation

0

Successful

 

1

Unspecified failure

For example : when there is no ssid specified in an association request

10

Cannot support all requested capabilities in the Capability Information field

Example Test: Reject when privacy bit is set for WLAN not requiring security

11

Reassociation denied due to inability to confirm that association exists

NOT SUPPORTED

12

Association denied due to reason outside the scope of this standard

Example : When controller receives assoc from an unknown or disabled SSID

13

Responding station does not support the specified authentication algorithm

For example, MFP is disabled but was requested by the client.

14

Received an Authentication frame with authentication transaction sequence number
out of expected sequence

If the authentication sequence number is not correct.

 

15

Authentication rejected because of challenge failure

 

16

Authentication rejected due to timeout waiting for next frame in sequence

 

17

Association denied because AP is unable to handle additional associated stations

Will happen if you run out of AIDs on the AP; so try associating a large number of stations.

18

Association denied due to requesting station not supporting all of the data rates in the
BSSBasicRateSet parameter

Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.

19

Association denied due to requesting station not supporting the short preamble
option

NOT SUPPORTED

20

Association denied due to requesting station not supporting the PBCC modulation
option

NOT SUPPORTED

21

Association denied due to requesting station not supporting the Channel Agility
option

NOT SUPPORTED

22

Association request rejected because Spectrum Management capability is required

NOT SUPPORTED

23

Association request rejected because the information in the Power Capability
element is unacceptable

NOT SUPPORTED

24

Association request rejected because the information in the Supported Channels
element is unacceptable

NOT SUPPORTED

25

Association denied due to requesting station not supporting the Short Slot Time
option

NOT SUPPORTED

26

Association denied due to requesting station not supporting the DSSS-OFDM option

NOT SUPPORTED

27-31

Reserved

NOT SUPPORTED

32

Unspecified, QoS-related failure

NOT SUPPORTED

33

Association denied because QAP has insufficient bandwidth to handle another
QSTA

NOT SUPPORTED

34

Association denied due to excessive frame loss rates and/or poor conditions on current
operating channel

NOT SUPPORTED

35

Association (with QBSS) denied because the requesting STA does not support the
QoS facility

If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.

36

Reserved in 802.11

This is used in our code ! There is no blackbox test for this status code.

37

The request has been declined

This is not used in assoc response; ignore

38

The request has not been successful as one or more parameters have invalid values

NOT SUPPORTED

39

The TS has not been created because the request cannot be honored; however, a suggested
TSPEC is provided so that the initiating QSTA may attempt to set another TS
with the suggested changes to the TSPEC

NOT SUPPORTED

40

Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7

Sent when Aironet IE is not present for a CKIP WLAN

41

Invalid group cipher

Used when received unsupported Multicast 802.11i OUI Code

42

Invalid pairwise cipher

 

43

Invalid AKMP

 

44

Unsupported RSN information element version

If you put anything but version value of 1, you will see this code.

45

Invalid RSN information element capabilities

If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.

46

Cipher suite rejected because of security policy

NOT SUPPORTED

47

The TS has not been created; however, the HC may be capable of creating a TS, in
response to a request, after the time indicated in the TS Delay element

NOT SUPPORTED

48

Direct link is not allowed in the BSS by policy

NOT SUPPORTED

49

Destination STA is not present within this QBSS

NOT SUPPORTED

50

The Destination STA is not a QSTA

NOT SUPPORTED

51

Association denied because the ListenInterval is too large

NOT SUPPORTED

200
(0xC8)

 

Unspecified, QoS-related failure.
Not defined in IEEE, defined in CCXv4

Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.

201
(0xC9)

TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code.
Not defined in IEEE, defined in CCXv4

This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.

202
(0xCA)

Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only.
Not defined in IEEE, defined in CCXv4

 

203
(0xCB)

Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.

Not defined in IEEE, defined in CCXv4

This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

802.11 Deauth Reason Codes

When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

Code802.11 definitionExplanation
0ReservedNOT SUPPORTED
1Unspecified reasonTBD
2Previous authentication no longer validNOT SUPPORTED
3station is leaving (or has left) IBSS or ESSNOT SUPPORTED
4Disassociated due to inactivityDo not send any data after association;
5Disassociated because AP is unable to handle all currently associated stationsTBD
6Class 2 frame received from nonauthenticated station

 

NOT SUPPORTED
7Class 3 frame received from nonassociated stationNOT SUPPORTED
8Disassociated because sending station is leaving (or has left) BSSTBD
9Station requesting (re)association is not authenticated with responding stationNOT SUPPORTED
10Disassociated because the information in the Power Capability element is unacceptableNOT SUPPORTED
11Disassociated because the information in the Supported Channels element is unacceptableNOT SUPPORTED
12ReservedNOT SUPPORTED
13Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7
NOT SUPPORTED
14Message integrity code (MIC) failureNOT SUPPORTED
154-Way Handshake timeoutNOT SUPPORTED
16Group Key Handshake timeoutNOT SUPPORTED
17Information element in 4-Way Handshake different from (Re)Association Request/Probe
Response/Beacon frame
NOT SUPPORTED
18Invalid group cipherNOT SUPPORTED
19Invalid pairwise cipherNOT SUPPORTED
20Invalid AKMPNOT SUPPORTED
21Unsupported RSN information element versionNOT SUPPORTED
22Invalid RSN information element capabilitiesNOT SUPPORTED
23IEEE 802.1X authentication failedNOT SUPPORTED
24Cipher suite rejected because of the security policyNOT SUPPORTED
25-31ReservedNOT SUPPORTED
32Disassociated for unspecified, QoS-related reasonNOT SUPPORTED
33Disassociated because QAP lacks sufficient bandwidth for this QSTANOT SUPPORTED
34Disassociated because excessive number of frames need to be acknowledged, but are not
acknowledged due to AP transmissions and/or poor channel conditions
NOT SUPPORTED
35Disassociated because QSTA is transmitting outside the limits of its TXOPsNOT SUPPORTED
36Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)NOT SUPPORTED
37Requested from peer QSTA as it does not want to use the mechanismNOT SUPPORTED
38Requested from peer QSTA as the QSTA received frames using the mechanism for which
a setup is required
NOT SUPPORTED
39Requested from peer QSTA due to timeoutNOT SUPPORTED
40Peer QSTA does not support the requested cipher suiteNOT SUPPORTED
46-6553546--65 535 ReservedNOT SUPPORTED
98Cisco definedTBD
99Cisco defined
Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc
Example: Send a Deauth to the AP with the reason code to be invalid, say zero

 

View solution in original post

2 Replies 2
Madhan_kumar_G
Getting noticed

Hi,

 

802.11 Association Status, 802.11 Deauth Reason codes

802.11 Association Status Codes

Code

802.11 definition

Explanation

0

Successful

 

1

Unspecified failure

For example : when there is no ssid specified in an association request

10

Cannot support all requested capabilities in the Capability Information field

Example Test: Reject when privacy bit is set for WLAN not requiring security

11

Reassociation denied due to inability to confirm that association exists

NOT SUPPORTED

12

Association denied due to reason outside the scope of this standard

Example : When controller receives assoc from an unknown or disabled SSID

13

Responding station does not support the specified authentication algorithm

For example, MFP is disabled but was requested by the client.

14

Received an Authentication frame with authentication transaction sequence number
out of expected sequence

If the authentication sequence number is not correct.

 

15

Authentication rejected because of challenge failure

 

16

Authentication rejected due to timeout waiting for next frame in sequence

 

17

Association denied because AP is unable to handle additional associated stations

Will happen if you run out of AIDs on the AP; so try associating a large number of stations.

18

Association denied due to requesting station not supporting all of the data rates in the
BSSBasicRateSet parameter

Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.

19

Association denied due to requesting station not supporting the short preamble
option

NOT SUPPORTED

20

Association denied due to requesting station not supporting the PBCC modulation
option

NOT SUPPORTED

21

Association denied due to requesting station not supporting the Channel Agility
option

NOT SUPPORTED

22

Association request rejected because Spectrum Management capability is required

NOT SUPPORTED

23

Association request rejected because the information in the Power Capability
element is unacceptable

NOT SUPPORTED

24

Association request rejected because the information in the Supported Channels
element is unacceptable

NOT SUPPORTED

25

Association denied due to requesting station not supporting the Short Slot Time
option

NOT SUPPORTED

26

Association denied due to requesting station not supporting the DSSS-OFDM option

NOT SUPPORTED

27-31

Reserved

NOT SUPPORTED

32

Unspecified, QoS-related failure

NOT SUPPORTED

33

Association denied because QAP has insufficient bandwidth to handle another
QSTA

NOT SUPPORTED

34

Association denied due to excessive frame loss rates and/or poor conditions on current
operating channel

NOT SUPPORTED

35

Association (with QBSS) denied because the requesting STA does not support the
QoS facility

If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.

36

Reserved in 802.11

This is used in our code ! There is no blackbox test for this status code.

37

The request has been declined

This is not used in assoc response; ignore

38

The request has not been successful as one or more parameters have invalid values

NOT SUPPORTED

39

The TS has not been created because the request cannot be honored; however, a suggested
TSPEC is provided so that the initiating QSTA may attempt to set another TS
with the suggested changes to the TSPEC

NOT SUPPORTED

40

Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7

Sent when Aironet IE is not present for a CKIP WLAN

41

Invalid group cipher

Used when received unsupported Multicast 802.11i OUI Code

42

Invalid pairwise cipher

 

43

Invalid AKMP

 

44

Unsupported RSN information element version

If you put anything but version value of 1, you will see this code.

45

Invalid RSN information element capabilities

If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.

46

Cipher suite rejected because of security policy

NOT SUPPORTED

47

The TS has not been created; however, the HC may be capable of creating a TS, in
response to a request, after the time indicated in the TS Delay element

NOT SUPPORTED

48

Direct link is not allowed in the BSS by policy

NOT SUPPORTED

49

Destination STA is not present within this QBSS

NOT SUPPORTED

50

The Destination STA is not a QSTA

NOT SUPPORTED

51

Association denied because the ListenInterval is too large

NOT SUPPORTED

200
(0xC8)

 

Unspecified, QoS-related failure.
Not defined in IEEE, defined in CCXv4

Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.

201
(0xC9)

TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code.
Not defined in IEEE, defined in CCXv4

This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.

202
(0xCA)

Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only.
Not defined in IEEE, defined in CCXv4

 

203
(0xCB)

Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.

Not defined in IEEE, defined in CCXv4

This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

802.11 Deauth Reason Codes

When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

Code802.11 definitionExplanation
0ReservedNOT SUPPORTED
1Unspecified reasonTBD
2Previous authentication no longer validNOT SUPPORTED
3station is leaving (or has left) IBSS or ESSNOT SUPPORTED
4Disassociated due to inactivityDo not send any data after association;
5Disassociated because AP is unable to handle all currently associated stationsTBD
6Class 2 frame received from nonauthenticated station

 

NOT SUPPORTED
7Class 3 frame received from nonassociated stationNOT SUPPORTED
8Disassociated because sending station is leaving (or has left) BSSTBD
9Station requesting (re)association is not authenticated with responding stationNOT SUPPORTED
10Disassociated because the information in the Power Capability element is unacceptableNOT SUPPORTED
11Disassociated because the information in the Supported Channels element is unacceptableNOT SUPPORTED
12ReservedNOT SUPPORTED
13Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7
NOT SUPPORTED
14Message integrity code (MIC) failureNOT SUPPORTED
154-Way Handshake timeoutNOT SUPPORTED
16Group Key Handshake timeoutNOT SUPPORTED
17Information element in 4-Way Handshake different from (Re)Association Request/Probe
Response/Beacon frame
NOT SUPPORTED
18Invalid group cipherNOT SUPPORTED
19Invalid pairwise cipherNOT SUPPORTED
20Invalid AKMPNOT SUPPORTED
21Unsupported RSN information element versionNOT SUPPORTED
22Invalid RSN information element capabilitiesNOT SUPPORTED
23IEEE 802.1X authentication failedNOT SUPPORTED
24Cipher suite rejected because of the security policyNOT SUPPORTED
25-31ReservedNOT SUPPORTED
32Disassociated for unspecified, QoS-related reasonNOT SUPPORTED
33Disassociated because QAP lacks sufficient bandwidth for this QSTANOT SUPPORTED
34Disassociated because excessive number of frames need to be acknowledged, but are not
acknowledged due to AP transmissions and/or poor channel conditions
NOT SUPPORTED
35Disassociated because QSTA is transmitting outside the limits of its TXOPsNOT SUPPORTED
36Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)NOT SUPPORTED
37Requested from peer QSTA as it does not want to use the mechanismNOT SUPPORTED
38Requested from peer QSTA as the QSTA received frames using the mechanism for which
a setup is required
NOT SUPPORTED
39Requested from peer QSTA due to timeoutNOT SUPPORTED
40Peer QSTA does not support the requested cipher suiteNOT SUPPORTED
46-6553546--65 535 ReservedNOT SUPPORTED
98Cisco definedTBD
99Cisco defined
Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc
Example: Send a Deauth to the AP with the reason code to be invalid, say zero

 

Shoichi
Conversationalist

Thanks for the quick response!  Well, 802.11 Deauth Reason Codes you listed looks the one. However, is it documented that the reason codes in the syslog can be referred to 802.11 Deauth Reason Codes ?

Get notified when there are additional replies to this discussion.