WLAN Authentication and Deauthentication Frames Explained
This page describes the WLAN authentication frame and deauthentication frame as per the IEEE 802.11 WLAN standard. It also dives into WLAN status codes and reason codes.
Authentication in a WLAN network is all about verifying a station’s identity before it can fully associate with the network. Deauthentication, on the other hand, is the process of terminating that established authentication. Different algorithms have been developed to handle this. The ‘Authentication Algorithm Number’ determines which algorithm is used. Because there are many steps involved in the authentication process, a sequence number is used for all the frames exchanged during authentication.
The ‘Status Code’ and ‘Challenge Text’ fields are used in various ways depending on the authentication algorithm being used. The challenge text is transmitted using the ‘Challenge Text information element’. Shared key authentication requires the mobile station to successfully decrypt the encrypted challenge text.
Challenge Text Information Element:
- Element ID - 1 byte
- Length - 1 byte
- Challenge text - 1 to 253 bytes
WLAN Status Codes
The status code field is 16 bits in size. It indicates whether an operation was successful or not. A value of 0 indicates success, while any non-zero value indicates a failure.
WLAN Status Code | Description |
---|---|
Code-0 | Operation completed successfully |
Code-1 | Unspecified failure |
Code-2-9 | Unused |
Code-10 | Requested capability is too broad and hence cannot be supported |
Code-11 | Reassociation denied, prior association cannot be identified and transferred |
Code-12 | Association denied for a reason not specified in WLAN 802.11 standard |
Code-13 | Requested authentication algorithm not supported |
Code-14 | Unexpected authentication sequence number |
Code-15 | Authentication rejected, the response to the challenge failed |
Code-16 | Authentication rejected, the next frame in the sequence did not arrive in the expected window |
Code-17 | Association denied; the access point is resource constrained |
Code-18 | Association denied; the mobile station does not support all the data rates required by the BSS |
Code-19 | Association denied; the mobile station does not support the short preamble option |
Code-20 | Association denied; the mobile station does not support PBCC modulation |
Code-21 | Association denied; the mobile station does not support the channel agility option |
Code-22-65535 | Reserved |
WLAN Deauthentication Frame
As the name implies, this frame is used to end an authentication relationship between an Access Point (AP) and a Station (STA). A ‘Reason Code’ field, 16 bits in size, is included to specify why the sender is leaving the network.
WLAN Reason Codes
WLAN Reason Code | Description |
---|---|
Code-0 | Reserved |
Code-1 | Unspecified |
Code-2 | Prior authentication is not valid |
Code-3 | Station has left the basic service area or extended service area and is de-authenticated |
Code-4 | Inactivity timer expired and station was disassociated |
Code-5 | Disassociated due to insufficient resources at the access point |
Code-6 | Incorrect frame type or subtype received from unauthenticated station |
Code-7 | Incorrect frame type or subtype received from unassociated station |
Code-8 | Station has left the basic service area or extended service area and is disassociated |
Code-9 | Association or reassociation requested before authentication is complete |
Code-10 to 65535 | Reserved |
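
To decode these fields from a captured frame, the following added example (not part of the original page) parses an authentication frame body and a deauthentication frame body and maps the codes to the tables above. It assumes the input is the frame body after the MAC header; the 16-bit little-endian fixed fields and the Challenge Text element ID of 16 come from IEEE 802.11, not from this page, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Status and reason texts abridged from the tables on this page.
STATUS = {0: "success", 1: "unspecified failure",
          13: "authentication algorithm not supported",
          14: "unexpected authentication sequence number",
          15: "response to the challenge failed",
          16: "next frame did not arrive in the expected window"}
REASON = {1: "unspecified", 2: "prior authentication is not valid",
          3: "station left service area, de-authenticated",
          4: "inactivity timer expired", 5: "insufficient resources at AP",
          6: "bad frame type from unauthenticated station",
          7: "bad frame type from unassociated station",
          8: "station left service area, disassociated",
          9: "(re)association requested before authentication complete"}
CHALLENGE_TEXT_ID = 16  # element ID per IEEE 802.11; not given on this page


def parse_auth_body(body: bytes) -> dict:
    """Decode an authentication frame body (the bytes after the MAC header)."""
    if len(body) < 6:
        raise ValueError("truncated authentication body")
    algo, seq, status = struct.unpack_from("<HHH", body, 0)  # little-endian
    out = {"algorithm": algo, "sequence": seq, "status": status,
           "status_text": STATUS.get(status, "other/unused/reserved"),
           "challenge": None}
    pos = 6
    while pos < len(body):  # walk the information elements (ID, length, value)
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            raise ValueError("information element overruns frame body")
        eid, length = body[pos], body[pos + 1]
        if eid == CHALLENGE_TEXT_ID:
            if not 1 <= length <= 253:
                raise ValueError("challenge text must be 1 to 253 bytes")
            out["challenge"] = body[pos + 2:pos + 2 + length]
        pos += 2 + length
    return out


def parse_deauth_body(body: bytes) -> dict:
    """Decode a deauthentication frame body: a 16-bit reason code."""
    if len(body) < 2:
        raise ValueError("truncated deauthentication body")
    (reason,) = struct.unpack_from("<H", body, 0)
    return {"reason": reason, "reason_text": REASON.get(reason, "reserved")}


# Constructed sample bodies (not from a capture): shared key, seq 2, status 0.
SAMPLE_AUTH = bytes.fromhex("010002000000" "1004" "deadbeef")
SAMPLE_DEAUTH = bytes.fromhex("0700")
```

Rejecting a challenge text element outside the 1 to 253 byte range, or one whose length runs past the end of the body, keeps a malformed frame from being silently accepted by monitoring code.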