- Cisco Employee,
802.11 Association Status, 802.11 Deauth Reason codes
802.11 Association Status Codes
For example : when there is no ssid specified in an association request
Cannot support all requested capabilities in the Capability Information field
Example Test: Reject when privacy bit is set for WLAN not requiring security
Reassociation denied due to inability to confirm that association exists
Association denied due to reason outside the scope of this standard
Example : When controller receives assoc from an unknown or disabled SSID
Responding station does not support the specified authentication algorithm
For example, MFP is disabled but was requested by the client.
Received an Authentication frame with authentication transaction sequence number
If the authentication sequence number is not correct.
Authentication rejected because of challenge failure
Authentication rejected due to timeout waiting for next frame in sequence
Association denied because AP is unable to handle additional associated stations
Will happen if you run out of AIDs on the AP; so try associating a large number of stations.
Association denied due to requesting station not supporting all of the data rates in the
Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.
Association denied due to requesting station not supporting the short preamble
Association denied due to requesting station not supporting the PBCC modulation
Association denied due to requesting station not supporting the Channel Agility
Association request rejected because Spectrum Management capability is required
Association request rejected because the information in the Power Capability
Association request rejected because the information in the Supported Channels
Association denied due to requesting station not supporting the Short Slot Time
Association denied due to requesting station not supporting the DSSS-OFDM option
Unspecified, QoS-related failure
Association denied because QAP has insufficient bandwidth to handle another
Association denied due to excessive frame loss rates and/or poor conditions on current
Association (with QBSS) denied because the requesting STA does not support the
If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.
Reserved in 802.11
This is used in our code ! There is no blackbox test for this status code.
The request has been declined
This is not used in assoc response; ignore
The request has not been successful as one or more parameters have invalid values
The TS has not been created because the request cannot be honored; however, a suggested
Invalid information element, i.e., an information element defined in this standard for
Sent when Aironet IE is not present for a CKIP WLAN
Invalid group cipher
Used when received unsupported Multicast 802.11i OUI Code
Invalid pairwise cipher
Unsupported RSN information element version
If you put anything but version value of 1, you will see this code.
Invalid RSN information element capabilities
If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.
Cipher suite rejected because of security policy
The TS has not been created; however, the HC may be capable of creating a TS, in
Direct link is not allowed in the BSS by policy
Destination STA is not present within this QBSS
The Destination STA is not a QSTA
Association denied because the ListenInterval is too large
Unspecified, QoS-related failure.
Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.
TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code.
This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.
Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only.
Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.
Not defined in IEEE, defined in CCXv4
This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.
802.11 Deauth Reason Codes
When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"
|2||Previous authentication no longer valid||NOT SUPPORTED|
|3||station is leaving (or has left) IBSS or ESS||NOT SUPPORTED|
|4||Disassociated due to inactivity||Do not send any data after association;|
|5||Disassociated because AP is unable to handle all currently associated stations||TBD|
|6||Class 2 frame received from nonauthenticated station|
|7||Class 3 frame received from nonassociated station||NOT SUPPORTED|
|8||Disassociated because sending station is leaving (or has left) BSS||TBD|
|9||Station requesting (re)association is not authenticated with responding station||NOT SUPPORTED|
|10||Disassociated because the information in the Power Capability element is unacceptable||NOT SUPPORTED|
|11||Disassociated because the information in the Supported Channels element is unacceptable||NOT SUPPORTED|
|13||Invalid information element, i.e., an information element defined in this standard for|
which the content does not meet the specifications in Clause 7
|14||Message integrity code (MIC) failure||NOT SUPPORTED|
|15||4-Way Handshake timeout||NOT SUPPORTED|
|16||Group Key Handshake timeout||NOT SUPPORTED|
|17||Information element in 4-Way Handshake different from (Re)Association Request/Probe|
|18||Invalid group cipher||NOT SUPPORTED|
|19||Invalid pairwise cipher||NOT SUPPORTED|
|20||Invalid AKMP||NOT SUPPORTED|
|21||Unsupported RSN information element version||NOT SUPPORTED|
|22||Invalid RSN information element capabilities||NOT SUPPORTED|
|23||IEEE 802.1X authentication failed||NOT SUPPORTED|
|24||Cipher suite rejected because of the security policy||NOT SUPPORTED|
|32||Disassociated for unspecified, QoS-related reason||NOT SUPPORTED|
|33||Disassociated because QAP lacks sufficient bandwidth for this QSTA||NOT SUPPORTED|
|34||Disassociated because excessive number of frames need to be acknowledged, but are not|
acknowledged due to AP transmissions and/or poor channel conditions
|35||Disassociated because QSTA is transmitting outside the limits of its TXOPs||NOT SUPPORTED|
|36||Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)||NOT SUPPORTED|
|37||Requested from peer QSTA as it does not want to use the mechanism||NOT SUPPORTED|
|38||Requested from peer QSTA as the QSTA received frames using the mechanism for which|
a setup is required
|39||Requested from peer QSTA due to timeout||NOT SUPPORTED|
|40||Peer QSTA does not support the requested cipher suite||NOT SUPPORTED|
|46-65535||46--65 535 Reserved||NOT SUPPORTED|
Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc
|Example: Send a Deauth to the AP with the reason code to be invalid, say zero|