802.11 Association Status, 802.11 Deauth Reason codes

Document

Fri, 05/12/2017 - 16:53
May 17th, 2013
User Badges:
  • Cisco Employee,


 

Introduction

802.11 Association Status, 802.11 Deauth Reason codes

802.11 Association Status Codes

Code

802.11 definition

Explanation

0

Successful

 

1

Unspecified failure

For example : when there is no ssid specified in an association request

10

Cannot support all requested capabilities in the Capability Information field

Example Test: Reject when privacy bit is set for WLAN not requiring security

11

Reassociation denied due to inability to confirm that association exists

NOT SUPPORTED

12

Association denied due to reason outside the scope of this standard

Example : When controller receives assoc from an unknown or disabled SSID

13

Responding station does not support the specified authentication algorithm

For example, MFP is disabled but was requested by the client.

14

Received an Authentication frame with authentication transaction sequence number
out of expected sequence

If the authentication sequence number is not correct.

 

15

Authentication rejected because of challenge failure

 

16

Authentication rejected due to timeout waiting for next frame in sequence

 

17

Association denied because AP is unable to handle additional associated stations

Will happen if you run out of AIDs on the AP; so try associating a large number of stations.

18

Association denied due to requesting station not supporting all of the data rates in the
BSSBasicRateSet parameter

Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.

19

Association denied due to requesting station not supporting the short preamble
option

NOT SUPPORTED

20

Association denied due to requesting station not supporting the PBCC modulation
option

NOT SUPPORTED

21

Association denied due to requesting station not supporting the Channel Agility
option

NOT SUPPORTED

22

Association request rejected because Spectrum Management capability is required

NOT SUPPORTED

23

Association request rejected because the information in the Power Capability
element is unacceptable

NOT SUPPORTED

24

Association request rejected because the information in the Supported Channels
element is unacceptable

NOT SUPPORTED

25

Association denied due to requesting station not supporting the Short Slot Time
option

NOT SUPPORTED

26

Association denied due to requesting station not supporting the DSSS-OFDM option

NOT SUPPORTED

27-31

Reserved

NOT SUPPORTED

32

Unspecified, QoS-related failure

NOT SUPPORTED

33

Association denied because QAP has insufficient bandwidth to handle another
QSTA

NOT SUPPORTED

34

Association denied due to excessive frame loss rates and/or poor conditions on current
operating channel

NOT SUPPORTED

35

Association (with QBSS) denied because the requesting STA does not support the
QoS facility

If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.

36

Reserved in 802.11

This is used in our code ! There is no blackbox test for this status code.

37

The request has been declined

This is not used in assoc response; ignore

38

The request has not been successful as one or more parameters have invalid values

NOT SUPPORTED

39

The TS has not been created because the request cannot be honored; however, a suggested
TSPEC is provided so that the initiating QSTA may attempt to set another TS
with the suggested changes to the TSPEC

NOT SUPPORTED

40

Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7

Sent when Aironet IE is not present for a CKIP WLAN

41

Invalid group cipher

Used when received unsupported Multicast 802.11i OUI Code

42

Invalid pairwise cipher

 

43

Invalid AKMP

 

44

Unsupported RSN information element version

If you put anything but version value of 1, you will see this code.

45

Invalid RSN information element capabilities

If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.

46

Cipher suite rejected because of security policy

NOT SUPPORTED

47

The TS has not been created; however, the HC may be capable of creating a TS, in
response to a request, after the time indicated in the TS Delay element

NOT SUPPORTED

48

Direct link is not allowed in the BSS by policy

NOT SUPPORTED

49

Destination STA is not present within this QBSS

NOT SUPPORTED

50

The Destination STA is not a QSTA

NOT SUPPORTED

51

Association denied because the ListenInterval is too large

NOT SUPPORTED

200
(0xC8)

 

Unspecified, QoS-related failure.
Not defined in IEEE, defined in CCXv4

Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.

201
(0xC9)

TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code.
Not defined in IEEE, defined in CCXv4

This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.

202
(0xCA)

Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only.
Not defined in IEEE, defined in CCXv4

 

203
(0xCB)

Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.

Not defined in IEEE, defined in CCXv4

This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

802.11 Deauth Reason Codes

When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

Code802.11 definitionExplanation
0ReservedNOT SUPPORTED
1Unspecified reasonTBD
2Previous authentication no longer validNOT SUPPORTED
3station is leaving (or has left) IBSS or ESSNOT SUPPORTED
4Disassociated due to inactivityDo not send any data after association;
5Disassociated because AP is unable to handle all currently associated stationsTBD
6Class 2 frame received from nonauthenticated station

 

NOT SUPPORTED
7Class 3 frame received from nonassociated stationNOT SUPPORTED
8Disassociated because sending station is leaving (or has left) BSSTBD
9Station requesting (re)association is not authenticated with responding stationNOT SUPPORTED
10Disassociated because the information in the Power Capability element is unacceptableNOT SUPPORTED
11Disassociated because the information in the Supported Channels element is unacceptableNOT SUPPORTED
12ReservedNOT SUPPORTED
13Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7
NOT SUPPORTED
14Message integrity code (MIC) failureNOT SUPPORTED
154-Way Handshake timeoutNOT SUPPORTED
16Group Key Handshake timeoutNOT SUPPORTED
17Information element in 4-Way Handshake different from (Re)Association Request/Probe
Response/Beacon frame
NOT SUPPORTED
18Invalid group cipherNOT SUPPORTED
19Invalid pairwise cipherNOT SUPPORTED
20Invalid AKMPNOT SUPPORTED
21Unsupported RSN information element versionNOT SUPPORTED
22Invalid RSN information element capabilitiesNOT SUPPORTED
23IEEE 802.1X authentication failedNOT SUPPORTED
24Cipher suite rejected because of the security policyNOT SUPPORTED
25-31ReservedNOT SUPPORTED
32Disassociated for unspecified, QoS-related reasonNOT SUPPORTED
33Disassociated because QAP lacks sufficient bandwidth for this QSTANOT SUPPORTED
34Disassociated because excessive number of frames need to be acknowledged, but are not
acknowledged due to AP transmissions and/or poor channel conditions
NOT SUPPORTED
35Disassociated because QSTA is transmitting outside the limits of its TXOPsNOT SUPPORTED
36Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)NOT SUPPORTED
37Requested from peer QSTA as it does not want to use the mechanismNOT SUPPORTED
38Requested from peer QSTA as the QSTA received frames using the mechanism for which
a setup is required
NOT SUPPORTED
39Requested from peer QSTA due to timeoutNOT SUPPORTED
40Peer QSTA does not support the requested cipher suiteNOT SUPPORTED
46-6553546--65 535 ReservedNOT SUPPORTED
98Cisco definedTBD
99Cisco defined
Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc
Example: Send a Deauth to the AP with the reason code to be invalid, say zero

 

Loading.
Saravanan Lakshmanan Mon, 05/20/2013 - 10:44
User Badges:
  • Cisco Employee,

Thanks George, and also your AVC SR takencare as well some days ago I'm on documenting that info to make available in cco. Keep asking hard and challenging questions as always!!!

George Stefanick Mon, 05/20/2013 - 10:53
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Thanks Saravanan. You do good work and keep the forum updated in the documentation section. Keep up the efforts my friend.


I dont know if you have time, but I think having a TAC engineer outline what they look at in a client debug would be very helpful to the community.

Saravanan Lakshmanan Mon, 05/20/2013 - 11:07
User Badges:
  • Cisco Employee,

'client debug' - Suppose to have this done long time ago by Cisco, the thing is it takes enormous effort to cover most of the common/interoperability scenarios to have a good outlook, particularly tried to develop a tool using scripts that will throw the result when copy/paste the debug client output to it, Will keep that in mind and i may try to follow up with you on email regards to this one to cover common scenarios.

George Stefanick Mon, 05/20/2013 - 11:16
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Thanks

Leo Laohoo Wed, 05/29/2013 - 22:20
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Nice one, Saravanan.  +5

Andrew Grech Tue, 06/18/2013 - 07:59
User Badges:

Hi Saravanan, What is an AID?

Association denied because AP is unable to handle additional associated stationsWill happen if you run out of AIDs on the AP; so try associating a large number of stations.



I always thought this was aggressive load balancing.


Thanks

Saravanan Lakshmanan Sat, 12/28/2013 - 09:48
User Badges:
  • Cisco Employee,

guess there are 255 AIDs per AP radio or bssid, i am unsure. if all AIDs are used up then new client cannot associate on that radio. resetting the AP should fix it.

George Stefanick Sun, 12/29/2013 - 14:46
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Standard 802.11_2012  section 8.4.1.8 states aid value is 1-2007 ..

Saravanan Lakshmanan Mon, 12/30/2013 - 10:03
User Badges:
  • Cisco Employee,

I agree with you , however cisco using 256 AID, ie from 0 to 255. The below bug reflects the same as proof.


https://tools.cisco.com/bugsearch/bug/CSCtn52948


%LWAPP-3-INVALID_AID2: spam_api.c:1068 Association identifier 1 for client 00:26:5e:00:00:00 is already in use by 78:e4:00:00:00:00


%LWAPP-3-MAX_AID2: spam_api.c:1047 Reached max limit on the association ID for AP (max association ID 256)
stefan.angerer Tue, 06/18/2013 - 14:32
User Badges:
  • Bronze, 100 points or more

@Andrew: AID stands for Associantion ID - a unique number, given by the AP to the client after a successful association.


hth

Stefan

George Stefanick Mon, 12/30/2013 - 10:05
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Nice .. I need to ask, you fired up the lab and found 257 devices to connect ?

nipunsupport Wed, 02/01/2017 - 02:53
User Badges:

Hi Saravanan,

i found one errorcode which you mention is 34,could please let meknow the reason for this.

34

Association denied due to excessive frame loss rates and/or poor conditions on current
operating channel

NOT SUPPORTED

michaelblum Tue, 02/14/2017 - 06:20
User Badges:

I have a question for the community.


What should the proper client response be, if the client receives a deauth with a reason code 15?

Vince Thu, 03/23/2017 - 11:46
User Badges:

Thanks for the information.


What is the explanation for the Assocation Status Code 204 (0xCC)?

Attachment: 

Actions

This Document

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode