Thursday, September 19, 2019

802.11 Deauth_reason 13

Morning/Afternoon/Evening all,

Have been recently troubleshooting a sporadic issue, which only seems to happen to a small number of devices. There's no overall rhyme or reason, and one hardware/software combo will face the issue, but another of the same will not. Based on that, away to packet capture and user-debug logs I went. In the midst of that, I encountered the below (output filtered):

Sep 18 15:17:09 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:07 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:53:18 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:28 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:36 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:47 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:53:57 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:35 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 13
Sep 18 15:54:49 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 68
Sep 18 15:59:39 :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason 27

At the risk of sounding like a blog post, I won't go into my next steps, but I've seemingly arrived at a problem for the specific AP, on the 5 GHz radio (from AP driver-logs).

However, before I got to that point, I had attempted to understand what deauth_reason 13 actually means, and I'm afraid really I'm no closer. Code 68 in my vendor context is a roaming event, and 27 as per the 802.11 standard is "Disassociated because session terminated by SSP request".

All I have per deauth_reason 13 is, as per the standard, "Invalid element, i.e., an element defined in this standard for which the content does not meet the specifications in Clause 9". Clause 9 talks about the Frame format, so I could only surmise that something in the frame is incorrect (such as FCS, or frame size incorrect, etc.).

I suppose the question I'm really asking is if you've come across this before with your own devices/user devices, and how you went about troubleshooting/debugging it. I was lucky because it was happening to my device, which offered a lot more access than I would typically have.

Thanks for the read, sorry for the length!
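
One way to triage logs like the excerpt above, as an added example that is not part of the original post: parse the authmgr `USER_STA delete event` lines, count reason codes per station, and flag runs of repeated reason 13. The function names, the 60-second gap, the minimum run length of 3 and the year 2019 (syslog lines carry no year) are assumptions made for this sketch.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Meanings as given in the post: 13 and 27 are quoted from the 802.11
# standard, 68 is the author's vendor-specific roaming code.
REASONS = {13: "Invalid element (content does not meet Clause 9)",
           27: "Disassociated because session terminated by SSP request",
           68: "vendor-specific: roaming event"}
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*USER_STA delete event for user "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) age \d+ deauth_reason (?P<reason>\d+)")
# Sample input rebuilt from the log excerpt in the post (time, reason).
TEMPLATE = ("Sep 18 {} :522296: <4978> <DBUG> |authmgr| Auth GSM : USER_STA "
            "delete event for user ac:37:43:dc:bd:0c age 0 deauth_reason {}")
SAMPLE = [TEMPLATE.format(t, r) for t, r in [
    ("15:17:09", 68), ("15:53:07", 68), ("15:53:18", 13), ("15:53:28", 13),
    ("15:53:36", 13), ("15:53:47", 13), ("15:53:57", 13), ("15:54:35", 13),
    ("15:54:49", 68), ("15:59:39", 27)]]

def parse(lines, year=2019):
    """Yield (timestamp, mac, reason); syslog has no year, so it is a parameter."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["mac"], int(m["reason"])

def summarize(events):
    """Per (mac, reason): count and meaning, most frequent first."""
    counts = Counter((mac, r) for _, mac, r in events)
    return [(mac, r, n, REASONS.get(r, "not in table"))
            for (mac, r), n in counts.most_common()]

def bursts(events, reason=13, max_gap=timedelta(seconds=60), min_count=3):
    """Runs of `reason` per station with gaps <= max_gap, as
    (mac, first, last, count); max_gap and min_count are assumed thresholds."""
    per_mac, found = {}, []
    for ts, mac, r in sorted(events):
        if r == reason:
            per_mac.setdefault(mac, []).append(ts)
    for mac, stamps in per_mac.items():
        run = [stamps[0]]
        for ts in stamps[1:] + [None]:      # None flushes the last run
            if ts is None or ts - run[-1] > max_gap:
                if len(run) >= min_count:
                    found.append((mac, run[0], run[-1], len(run)))
                run = []
            run.append(ts)
    return found
```

Calling `bursts(list(parse(SAMPLE)))` on the excerpt reports one run of six reason-13 events between 15:53:18 and 15:54:35 for the single station, which gives a time window to line up against the packet capture and AP driver logs.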


