M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Deauthenticate request from client. Reason code: (value='Sending station is leaving IBSS or ESS')

 
Highlighted
Ana_Gallardo
Visitor

Deauthenticate request from client. Reason code: (value='Sending station is leaving IBSS or ESS')

¡Hello!

 

I have autonomous access pints MSM430 with software version: 6.5.0.0-19493

 

I have a problem whit an user that can not authenticate with EAP-TTLS-PAP. I have the messaje

 

Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/AssociationMgr] Received new association report (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/AssociationMgr] Handling reported new association (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/AssociationMgr] Handling new association (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/AssociationMgr] Invoking association notification callback (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer] Received a new association event (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/ClientSessionMgr] Client session successfully applied (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/ClientSessionMgr] Invoking client session notification callback (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer] Received a created client session event (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I macauth: [AccessControllerServer/ClientSessionMgr] Received notification of a new association event for client session (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:08 PACCPOL11I atf wvlan1 attach sta[cb6ecc00] 00:07:88:c8:b7:9b ref ccef0000
Oct 21 12:47:08 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='91') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='92') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Received EAPOL Start from station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='94') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:12 PACCPOL11I eventmgr: EVENT[1494112] No PMKID found in association request sent by client (mac='00:07:88:C8:B7:9B') on interface (value='r2v2')
Oct 21 12:47:12 PACCPOL11I eventmgr: EVENT[1494113] Client (mac='00:07:88:C8:B7:9B') has successfully authenticated using 802.11 authentication on interface (value='r2v2') using SSID (value='eduroam')
Oct 21 12:47:12 PACCPOL11I eventmgr: EVENT[1494114] Client (mac='00:07:88:C8:B7:9B') associated successfully on interface (value='r2v2') using SSID (value='eduroam')
Oct 21 12:47:12 PACCPOL11I macauth: [AccessControllerServer/AssociationMgr] Handling lost association (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:12 PACCPOL11I macauth: [AccessControllerServer] Received a lost association event (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:12 PACCPOL11I macauth: [AccessControllerServer] Terminating session (type='mac',mac-address='00:07:88:C8:B7:9B) related to lost association (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:12 PACCPOL11I macauth: [AccessControllerServer] Received a terminated client session event (type='mac',mac-address='00:07:88:C8:B7:9B)
Oct 21 12:47:12 PACCPOL11I atf wvlan1 detach sta[cb6ecc00] 00:07:88:c8:b7:9b ref ccef0000
Oct 21 12:47:17 PACCPOL11I eventmgr: EVENT[1494115] AP received a deauthenticate request from client (mac='00:07:88:C8:B7:9B') on interface (value='r2v2') using SSID (value='eduroam'). Reason code: (value='Sending station is leaving IBSS or ESS'). Total number of clients: (value='0')

 

 

Can help me somebody?

 

Thank you very much.

3 REPLIES 3
Highlighted
RamKrish
Valued Contributor

Re: Deauthenticate request from client. Reason code: (value='Sending station is leaving IBSS or ESS

Is this just specific to one or some client?

OR

All of the client having problem associating to the SSID?

 

Looks like the authenticaiton failures causing the issue, AP is sending the EAP-Identity request to the client according to the logs.. .but there is no response coming back:

 

Oct 21 12:47:08 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='91') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='92') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Received EAPOL Start from station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='94') to station (mac-address='00:07:88:C8:B7:9B').

 

 

there should Identity Response... but i dont see one

 

Either the client received the Identity Request but didnt response to it?

OR

The client did not receive the Identity Request from the AP.. might be lost in the air due to noise/interference?

 

Did you disable any lower data rates on the VSC profile?  If so, you may want to enable the lower data rates and try if that helps..

 

Alternatively, it could be the certificate on the client/server side is not matching each other.. and subsequently its failing?

 

 

Regards
Ram
Highlighted
Ana_Gallardo
Visitor

Re: Deauthenticate request from client. Reason code: (value='Sending station is leaving IBSS or ESS

Hello RamKrish,
thank you very much for yoour response.

Is this just specific to one or some client?

 

To some clients.

 

All of the client having problem associating to the SSID?

 

No all the clients.

 

Looks like the authenticaiton failures causing the issue, AP is sending the EAP-Identity request to the client according to the logs.. .but there is no response coming back:

 

Oct 21 12:47:08 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='91') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='92') to station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Received EAPOL Start from station (mac-address='00:07:88:C8:B7:9B').
Oct 21 12:47:09 PACCPOL11I eapolserver: Sending EAPOL (frame-length='30') EAP Identity Request (length='12',id='94') to station (mac-address='00:07:88:C8:B7:9B').

 

there should Identity Response... but i dont see one

 

There should be an "Accepted Identity Response"... I don't know why the client doen't send the identity...

 

Either the client received the Identity Request but didnt response to it?

OR

The client did not receive the Identity Request from the AP.. might be lost in the air due to noise/interference?

 

I don't know, I don't have a sniffer in the client side.

 

Did you disable any lower data rates on the VSC profile?  If so, you may want to enable the lower data rates and try if that helps..

 

No, I don't disable any  lower data rates.

 

Alternatively, it could be the certificate on the client/server side is not matching each other.. and subsequently its failing?

 

I think the certificates are not the problem because this client (00:07:88:C8:B7:9B) was authenticated earlier.

 

Thank you very much

Highlighted
RamKrish
Valued Contributor

Re: Deauthenticate request from client. Reason code: (value='Sending station is leaving IBSS or ESS

Unless we know why the client is not responding, there is no way to isoalte this issue.

 

Better to do a wireless sniffing (you can use Apple Macbook - sniffer tool to capture wireless packet capture), to see if the client has received the EAP packet from AP or not.  Then subsequently if the client has responded to those EAP or not.

 

If you still face issues, suggest to raise a support case to take more closer look at other data that might possibly explain the authenticaiton failures.

Regards
Ram