;)
Monday
May202013
Cisco client debug - 802.11 Association Status Code
Monday, May 20, 2013 at 3:57PM When you enable client debug you can be hit with a ton of information. One of the things I look at is the 802.11 association status code. The status code is very telling. It can provide information about your client and if there is a connection issue. Another tool to add to your bag of tricks.
Lets take a peek at a debug log
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 08:1f:f3:e1:8f:c0 vapId 4 apVapId 4for this client
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 08:1f:f3:e1:8f:c0 vapId 4 apVapId 4
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a apfMsAssoStateInc
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile b4:f0:ab:e3:19:6a on AP 08:1f:f3:e1:8f:c0 from Idle to Associated
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a Sending Assoc Response to station on BSSID 08:1f:f3:e1:8f:c0 (status 0) ApVapId 4 Slot 0
*apfMsConnTask_0: May 11 23:31:21.186: b4:f0:ab:e3:19:6a apfProcessAssocReq (apf_80211.c:5272) Changing state for mobile b4:f0:ab:e3:19:6a on AP 08:1f:f3:e1:8f:c0 from Associated to Associated
Our debug shows a status code of 0. Referencing our chart below we will find our association was a success.
| Code | 802.11 definition | Explanation |
| 0 | Successful | |
| 1 | Unspecified failure | For example : when there is no ssid specified in an association request |
| 10 | Cannot support all requested capabilities in the Capability Information field | Example Test: Reject when privacy bit is set for WLAN not requiring security |
| 11 | Reassociation denied due to inability to confirm that association exists | NOT SUPPORTED |
| 12 | Association denied due to reason outside the scope of this standard | Example : When controller receives assoc from an unknown or disabled SSID |
| 13 | Responding station does not support the specified authentication algorithm | For example, MFP is disabled but was requested by the client. |
| 14 | Received an Authentication frame with authentication transaction sequence number out of expected sequence |
If the authentication sequence number is not correct. |
|
15 |
Authentication rejected because of challenge failure | |
| 16 | Authentication rejected due to timeout waiting for next frame in sequence | |
| 17 | Association denied because AP is unable to handle additional associated stations | Will happen if you run out of AIDs on the AP; so try associating a large number of stations. |
| 18 | Association denied due to requesting station not supporting all of the data rates in the BSSBasicRateSet parameter |
Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon. |
| 19 | Association denied due to requesting station not supporting the short preamble option |
NOT SUPPORTED |
| 20 | Association denied due to requesting station not supporting the PBCC modulation option |
NOT SUPPORTED |
| 21 | Association denied due to requesting station not supporting the Channel Agility option |
NOT SUPPORTED |
| 22 | Association request rejected because Spectrum Management capability is required | NOT SUPPORTED |
| 23 | Association request rejected because the information in the Power Capability element is unacceptable |
NOT SUPPORTED |
| 24 | Association request rejected because the information in the Supported Channels element is unacceptable |
NOT SUPPORTED |
| 25 | Association denied due to requesting station not supporting the Short Slot Time option |
NOT SUPPORTED |
| 26 | Association denied due to requesting station not supporting the DSSS-OFDM option | NOT SUPPORTED |
| 27-31 | Reserved | NOT SUPPORTED |
| 32 | Unspecified, QoS-related failure | NOT SUPPORTED |
| 33 | Association denied because QAP has insufficient bandwidth to handle another QSTA |
NOT SUPPORTED |
| 34 | Association denied due to excessive frame loss rates and/or poor conditions on current operating channel |
NOT SUPPORTED |
| 35 | Association (with QBSS) denied because the requesting STA does not support the QoS facility |
If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected. |
| 36 | Reserved in 802.11 | This is used in our code ! There is no blackbox test for this status code. |
| 37 | The request has been declined | This is not used in assoc response; ignore |
| 38 | The request has not been successful as one or more parameters have invalid values | NOT SUPPORTED |
| 39 | The TS has not been created because the request cannot be honored; however, a suggested TSPEC is provided so that the initiating QSTA may attempt to set another TS with the suggested changes to the TSPEC |
NOT SUPPORTED |
| 40 | Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7 |
Sent when Aironet IE is not present for a CKIP WLAN |
| 41 | Invalid group cipher | Used when received unsupported Multicast 802.11i OUI Code |
| 42 | Invalid pairwise cipher | |
| 43 | Invalid AKMP | |
| 44 | Unsupported RSN information element version | If you put anything but version value of 1, you will see this code. |
| 45 | Invalid RSN information element capabilities | If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code. |
| 46 | Cipher suite rejected because of security policy | NOT SUPPORTED |
| 47 | The TS has not been created; however, the HC may be capable of creating a TS, in response to a request, after the time indicated in the TS Delay element |
NOT SUPPORTED |
| 48 | Direct link is not allowed in the BSS by policy | NOT SUPPORTED |
| 49 | Destination STA is not present within this QBSS | NOT SUPPORTED |
| 50 | The Destination STA is not a QSTA | NOT SUPPORTED |
| 51 | Association denied because the ListenInterval is too large | NOT SUPPORTED |
| 200 (0xC8) |
Unspecified, QoS-related failure. Not defined in IEEE, defined in CCXv4 |
Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC. |
| 201 (0xC9) |
TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code. Not defined in IEEE, defined in CCXv4 |
This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients. |
| 202 (0xCA) |
Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only. Not defined in IEEE, defined in CCXv4 |
|
| 203 (0xCB) |
Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion.
Not defined in IEEE, defined in CCXv4
|
This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC. |
Reader Comments