WLAN Authentication and Deauthentication Frames Explained

wlan
authentication
deauthentication
frame
status code

This page describes the WLAN authentication frame and deauthentication frame as per the IEEE 802.11 WLAN standard. It also dives into WLAN status codes and reason codes.

Authentication in a WLAN network is all about verifying a station’s identity before it can fully associate with the network. Deauthentication, on the other hand, is the process of terminating that established authentication. Different algorithms have been developed to handle this. The ‘Authentication Algorithm Number’ determines which algorithm is used. Because there are many steps involved in the authentication process, a sequence number is used for all the frames exchanged during authentication.

WLAN authentication frame

The ‘Status Code’ and ‘Challenge Text’ fields are used in various ways depending on the authentication algorithm being used. The challenge text is transmitted using the ‘Challenge Text information element’. This shared key authentication system requires the mobile station to successfully decrypt the encrypted challenge text.

Challenge Text Information Element:

  • Element ID - 1 byte
  • Length - 1 byte
  • Challenge text - 1 to 253 bytes

WLAN Status Codes

The status code field is 16 bits in size. It indicates whether an operation was successful or not. A value of 0 indicates success, while any non-zero value indicates a failure.

WLAN Status CodeDescription
Code-0Operation completed successfully
Code-1Unspecified failure
Code-2-9Unused
Code-10Requested capability is too broad and hence cannot be supported
Code-11Reassociation denied, prior association cannot be identified and transferred
Code-12Association denied for a reason not specified in WLAN 802.11 standard
Code-13Requested authentication algorithm not supported
Code-14Unexpected authentication sequence number
Code-15Authentication rejected, the response to the challenge failed
Code-16Authentication rejected, the next frame in the sequence did not arrive in the expected window
Code-17Association denied; the access point is resource constrained
Code-18Association denied; the mobile station does not support all the data rates required by the BSS
Code-19Association denied; the mobile station does not support the short preamble option
Code-20Association denied; the mobile station does not support PBCC modulation
Code-21Association denied, mobile station does not support channel agility option
Code-22-65535Reserved

WLAN Deauthentication Frame

WLAN deauthentication frame

As the name implies, this frame is used to end an authentication relationship between an Access Point (AP) and a Station (STA). A ‘Reason Code’ field, 16 bits in size, is included to specify why the sender is leaving the network.

WLAN Reason Codes

WLAN Status CodeDescription
Code-0Reserved
Code-1Unspecified
Code-2Prior authentication is not valid
Code-3Station has left the basic service area or extended service area and is de-authenticated
Code-4Inactivity timer expired and station was disassociated
Code-5Disassociated due to insufficient resources at the access point
Code-6Incorrect frame type or subtype received from unauthenticated station
Code-7Incorrect frame type or subtype received from unassociated station
Code-8Station has left the basic service area or extended service area and is disassociated
Code-9Association or reassociation requested before authentication is complete
Code-10 to 65535Reserved
WLAN Class 1, 2, and 3 Frames Explained

WLAN Class 1, 2, and 3 Frames Explained

Understand the differences between WLAN Class 1, Class 2, and Class 3 frames based on the IEEE 802.11 standard and station authentication/association states.

wlan
802.11
frame
Understanding WiFi Roaming: How it Works

Understanding WiFi Roaming: How it Works

Explore the basics of WiFi roaming, including internal and external roaming, the roles of STA, AP, and AS, and the typical procedure involved. Also, learn about WiFi roaming test solution.

wifi
wlan
roaming