AP6522 Log comprehensions


Hello,

We have 12 AP6522 and an RFS4000 Wireless Controller. All of them are on version 5.5.1.0-017R. The peripherals connected to the APs are 25 MC90XX.

Since September, we have started checking the AP logs, and I need some help to understand some messages or to resolve some alerts.

Here are the messages:

  1. KERN-3-ERR: 0| bridge.c:1598 Warning: Filtering MAC address 00-00-00-00-00-00 on vlan 1 port up1 from FDB.
  2. DOT11-5-WPA_WPA2_FAILED: Client 00-23-68-00-00-00 failed group key handshake on wlan TerminauxMobiles radio ap6522-AP1:R1
  3. DOT11-6-CLIENT_DISASSOCIATED: Client 00-23-68-00-00-00 disassociated from wlan TerminauxMobiles radio ap6522-AP9:R1: client initiated (reason code:3)
  4. DOT11-6-CLIENT_DISASSOCIATED: Client 00-23-68-00-00-00 disassociated from wlan TerminauxMobiles radio ap6522-AP3:R1: dot11i 4way handshake timeout (reason code:15)
  5. DOT11-6-CLIENT_DISASSOCIATED: Client 00-23-68-00-00-00 disassociated from wlan TerminauxMobiles radio ap6522-AP8:R1: dot11i group handshake timeout (reason code:16)

I found a similar message for KERN-3-ERR in the FAQ, but it's slightly different.

I understand with the second message that there is a problem between the AP and the peripheral.

In the manual for the Wing Wireless Reason Code, the reason code says "station has left ess", but it doesn't help me.

For reason codes 15 & 16, the manual says that the problem comes from the AP or the client. But the wireless coverage is excellent and these messages concern all peripherals.

Some peripherals are on 2.4 GHz and some on 5 GHz. The APs are 10 m high. I think the height may be the problem.

Can you help me with these alerts?

Best regards.

10 replies

Userlevel 7
The disassociation reason codes are per the 802.11 standard - here is a KB article with the list:

https://gtacknowledge.extremenetworks.com/articles/Q_A/What-s-mean-of-802-11-Deauth-Reason-Codes

Thank you, I had a file but I didn't look at the FAQ for the reason codes. It's similar to my file's content.
Could you explain some terms like "group-key handshake" or "ess"? I searched for "group-key handshake". I see it's a communication protocol between 2 systems.
Thanks.
Userlevel 7

https://en.wikipedia.org/wiki/IEEE_802.11i-2004
The group key is for broadcast/multicast messages between the AP and the client.

I'd recommend reading this book to get a better understanding:
https://www.amazon.fr/Cwna-Certified-Wireless-Administrator-Official/dp/1118893700/

Thanks for additional information.

Do you know this alert: KERN-3-ERR: 0| bridge.c:1598 Warning: Filtering MAC address 00-00-00-00-00-00 on vlan 1 port up1 from FDB?
I can't find a good explanation. I see a similar message in the FAQ but it's different.

Thanks.
Userlevel 4

I get the same 00-00-00-00-00-00 MAC message with an RFS6000 and WiNG 5.8.4. But I don't see any of these packets.

For reason codes 15 and 16 you can do a packet capture to understand the problem. Maybe do a spectrum analysis, if the signal strength is perfect.

We had an intervention to check the Wi-Fi signal, and the strength is good across the entire warehouse. The APs cover the building very well.

For the packet capture, do you recommend any software in particular?
Thanks.
Userlevel 4

Did you also check the warehouse for SNR, channel plan and CCI?

Just checking for signal mostly says nothing.

Yes, the channel plan and CCI are good.
The SNR too. There a perturbation an AP and the controller. For the rest of the APs, there is no noise.
The intervention was carried out by a wireless specialist.
Userlevel 4

For me it sounds like a client problem or a Wi-Fi design problem.

Capturing runs like this:
remote-debug live-pktcap rf-domain write tftp:///filename.pcap radio all count 1000 filter ether host

This writes 1000 packets to your TFTP server for the client, including all wireless packets with the client MAC.

With this pcap you can check what happens.

With this pcap you can check what happens.

I'll try that and reply if I need help. Thanks for your help.
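
Added example, not part of any post in this thread: a small Python triage script that parses DOT11-6-CLIENT_DISASSOCIATED lines in the format quoted in the first post and tallies the handshake timeouts (reason codes 15 and 16) per client and per radio, to help decide which client MAC to capture and whether the failures follow one client or one AP. The sample lines, MAC addresses, function names and the `min_events` threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the DOT11-6-CLIENT_DISASSOCIATED format quoted in the first post.
DISASSOC = re.compile(
    r"DOT11-6-CLIENT_DISASSOCIATED: Client (?P<mac>[0-9A-Fa-f-]{17}) "
    r"disassociated from wlan (?P<wlan>\S+) radio (?P<radio>\S+?): "
    r"(?P<text>.*?) \(reason code:(?P<code>\d+)\)"
)
HANDSHAKE_TIMEOUTS = {15, 16}  # 4-way / group handshake timeout, as in the logs

def summarize(lines):
    """Tally reason codes, and handshake timeouts per client and per radio."""
    codes, by_client, by_radio = Counter(), Counter(), Counter()
    radios_seen = defaultdict(set)
    for line in lines:
        m = DISASSOC.search(line)
        if not m:            # other events (e.g. KERN-3-ERR) are ignored
            continue
        code = int(m["code"])
        codes[code] += 1
        if code in HANDSHAKE_TIMEOUTS:
            mac = m["mac"].upper()
            by_client[mac] += 1
            by_radio[m["radio"]] += 1
            radios_seen[mac].add(m["radio"])
    return codes, by_client, by_radio, radios_seen

def capture_candidates(lines, min_events=2):
    """Clients with repeated handshake timeouts, most affected first."""
    _, by_client, _, radios_seen = summarize(lines)
    return [(mac, n, sorted(radios_seen[mac]))
            for mac, n in by_client.most_common() if n >= min_events]

# Constructed sample input: MAC addresses and event mix are invented.
_FMT = ("DOT11-6-CLIENT_DISASSOCIATED: Client {} disassociated from wlan "
        "TerminauxMobiles radio {}: {} (reason code:{})")
SAMPLE = [_FMT.format(*row) for row in [
    ("00-23-68-AA-00-01", "ap6522-AP3:R1", "dot11i 4way handshake timeout", 15),
    ("00-23-68-AA-00-01", "ap6522-AP8:R1", "dot11i group handshake timeout", 16),
    ("00-23-68-AA-00-01", "ap6522-AP3:R2", "dot11i group handshake timeout", 16),
    ("00-23-68-AA-00-02", "ap6522-AP3:R1", "dot11i 4way handshake timeout", 15),
    ("00-23-68-AA-00-02", "ap6522-AP9:R1", "client initiated", 3),
]] + ["KERN-3-ERR: 0| bridge.c:1598 Warning: Filtering MAC address "
      "00-00-00-00-00-00 on vlan 1 port up1 from FDB."]

if __name__ == "__main__":
    for mac, n, radios in capture_candidates(SAMPLE):
        print(f"{mac}: {n} handshake timeouts on {', '.join(radios)}")
```

A client that times out on several radios points toward the client side, while many clients timing out on one radio points toward that AP or its RF environment.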
